gozi | e33a713b96b45e2b2e0da350c0fdaaf865139607066aadff3b67b0ced82ca8bc | Triage

Sharing

General

Target

4zpxO5a0XisuDaNQwP2q_GUTlgcGaq3-O2ewztgsqLw.bin
Size

287KB
Sample

230526-lpqrcsfd4v
MD5

d0584edcc980ef43e697629ade83c54b
SHA1

a68deea2d4f40bef60c7f605bc2aae9698259e69
SHA256

e33a713b96b45e2b2e0da350c0fdaaf865139607066aadff3b67b0ced82ca8bc
SHA512

917f8206777512ba537c3b67d4e1a31cbf86c690986ef617d5ee34a7818ce09c23067caae3d22a9e1ff7dba0fdf17322f33b579ca0827f19ef0cbabe2f486b5e
SSDEEP

6144:YwqnlTIaNrhtD+Cqdoazww2X/4TFEX0Ia:5qln1Y2MTGkI

Score

10^/10

gozi 1000 banker ldr4 trojan

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://sumarno.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  4zpxO5a0XisuDaNQwP2q_GUTlgcGaq3-O2ewztgsqLw.bin
- Size
  
  287KB
- MD5
  
  d0584edcc980ef43e697629ade83c54b
- SHA1
  
  a68deea2d4f40bef60c7f605bc2aae9698259e69
- SHA256
  
  e33a713b96b45e2b2e0da350c0fdaaf865139607066aadff3b67b0ced82ca8bc
- SHA512
  
  917f8206777512ba537c3b67d4e1a31cbf86c690986ef617d5ee34a7818ce09c23067caae3d22a9e1ff7dba0fdf17322f33b579ca0827f19ef0cbabe2f486b5e
- SSDEEP
  
  6144:YwqnlTIaNrhtD+Cqdoazww2X/4TFEX0Ia:5qln1Y2MTGkI
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan