gozi | cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a | Triage

Submit
Reports

Overview

overview

Static

static

1

05234599.msi

windows7-x64

05234599.msi

windows10-2004-x64

Sharing

General

Target

05234599.msi
Size

5.8MB
Sample

230526-pd5b6afh4t
MD5

82ff84cb9924f0855a894e75b5d3edb2
SHA1

df89381239f8a8ececeb697a6a35a573203bac09
SHA256

cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a
SHA512

416db643cbfda60b26bb3eac8b6a94b148b506bc016d562bc51e085f765400c56412462b42e2e29dcc44fa621349781c1c225081804c528a0a7fd1822663597b
SSDEEP

98304:ajJzMUpQ/2zKN5DmsQPKEvia5Zld9l4jH43ZnzgB1wLhQNHFRaFUDAQQHk8iQdvk:M5NzKNgsKKE6UZD9l4IZnzgLwLhQNHFd

Score

10^/10

gozi 1000 banker ldr4 trojan

Static task

static1

Behavioral task

behavioral1

Sample

05234599.msi

Resource

win7-20230220-en

gozi 1000 banker ldr4 trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

05234599.msi

Resource

win10v2004-20230220-en

gozi 1000 banker ldr4 trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://sumarno.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Targets

- Target
  
  05234599.msi
- Size
  
  5.8MB
- MD5
  
  82ff84cb9924f0855a894e75b5d3edb2
- SHA1
  
  df89381239f8a8ececeb697a6a35a573203bac09
- SHA256
  
  cd8393350f7cfc0762e09ee3b0a98002a1b9abf362caf5f210e717e1d4ebe53a
- SHA512
  
  416db643cbfda60b26bb3eac8b6a94b148b506bc016d562bc51e085f765400c56412462b42e2e29dcc44fa621349781c1c225081804c528a0a7fd1822663597b
- SSDEEP
  
  98304:ajJzMUpQ/2zKN5DmsQPKEvia5Zld9l4jH43ZnzgB1wLhQNHFRaFUDAQQHk8iQdvk:M5NzKNgsKKE6UZD9l4IZnzgLwLhQNHFd
Score

10^/10

gozi 1000 banker ldr4 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gozi1000bankerldr4trojan

behavioral2

gozi1000bankerldr4trojan

© 2018-2024

Terms | Privacy