gozi | 63827113192d02e81371453ef61c3882b1f0abca89459ea78d6baa31bc2fe83d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

617.3MB
Sample

230608-155b1sac74
MD5

66bd2a1dd8540c9d7281d1e36cee0c1b
SHA1

7407f62b80f1ce48f4a9500e82a6370faf689025
SHA256

63827113192d02e81371453ef61c3882b1f0abca89459ea78d6baa31bc2fe83d
SHA512

feb5ea41e05d59568115c8fef6fde731d030eb056c9e033a354e8c53a009bb65db86d9cdff6ae3bf5ea6938ed90fab233e0716f604cf2f366fae0e3848730db0
SSDEEP

12288:6pWvULtx0eFQ4+zoL/sB14b/FmQxXXzb9wZptR4b9wZptRUyoIOJ:6pTx5FQ5oL/sB1cFm8X9yi9ygP

Score

10^/10

gozi 555756 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

555756

C2

http://logonn.biinng.com

http://78.153.130.9

http://llogiin.biinng.com

http://45.15.157.239

Attributes

base_path
/zerotohero/
build
250257
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1.exe
- Size
  
  617.3MB
- MD5
  
  66bd2a1dd8540c9d7281d1e36cee0c1b
- SHA1
  
  7407f62b80f1ce48f4a9500e82a6370faf689025
- SHA256
  
  63827113192d02e81371453ef61c3882b1f0abca89459ea78d6baa31bc2fe83d
- SHA512
  
  feb5ea41e05d59568115c8fef6fde731d030eb056c9e033a354e8c53a009bb65db86d9cdff6ae3bf5ea6938ed90fab233e0716f604cf2f366fae0e3848730db0
- SSDEEP
  
  12288:6pWvULtx0eFQ4+zoL/sB14b/FmQxXXzb9wZptR4b9wZptRUyoIOJ:6pTx5FQ5oL/sB1cFm8X9yi9ygP
Score

10^/10

gozi 555756 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi555756bankerisfbtrojan

behavioral2

gozi555756bankerisfbtrojan