Overview

overview

10

Static

static

3

ZjFoLkjWBL...ow.dll

windows7-x64

10

ZjFoLkjWBL...ow.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZjFoLkjWBLCzPlBXvRoxow.dll

  • Size

    499KB

  • Sample

    230531-kvyhqaec81

  • MD5

    d24bad9f74a3cb645f25500552860d7d

  • SHA1

    1f178b5501b0cfba33be5391b9cfa9c3eb20bfb3

  • SHA256

    d50570c1b4d064fb1f6e855d0c27ac1958a7a32c3cef5e6373094d82647f5bd4

  • SHA512

    e71e825c682c4e5e7e82e8d57658e2b07737733ce4b455631d01d36151b4e20029c231419424ad18ea99eac789f8789363a9325975de65fcb64dfaf1098a27ed

  • SSDEEP

    12288:CCTVqq1Tb1bfFBfDtNK+UmDFZIdP03d5700R:LToq9Rf7tNK+HrId03dxt

Score
10/10
gozi5050bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://fazz.bing.com/check

http://provaterta.com
Attributes
  • base_path

    /jerry/

  • build

    250257

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      ZjFoLkjWBLCzPlBXvRoxow.dll

    • Size

      499KB

    • MD5

      d24bad9f74a3cb645f25500552860d7d

    • SHA1

      1f178b5501b0cfba33be5391b9cfa9c3eb20bfb3

    • SHA256

      d50570c1b4d064fb1f6e855d0c27ac1958a7a32c3cef5e6373094d82647f5bd4

    • SHA512

      e71e825c682c4e5e7e82e8d57658e2b07737733ce4b455631d01d36151b4e20029c231419424ad18ea99eac789f8789363a9325975de65fcb64dfaf1098a27ed

    • SSDEEP

      12288:CCTVqq1Tb1bfFBfDtNK+UmDFZIdP03d5700R:LToq9Rf7tNK+HrId03dxt

    Score
    10/10
    gozi5050bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks