gozi | e9137b6ffb34aff26d446c5083628fb06722d261e61db322292746e85f024c11 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1.exe
Size

483.3MB
Sample

230608-ym4awsaf6x
MD5

ca761afa8264a781e555d337bcb57c7b
SHA1

e09b037007012e597d571334c495942af7ebc7c5
SHA256

e9137b6ffb34aff26d446c5083628fb06722d261e61db322292746e85f024c11
SHA512

db154691bbba4335cc88877c0739970acbf347e601f0a6f0316decb2c86d1ceff79aa57ef8904fe87627c574f74c39dc2d11fd994a37368b57d1b695837fbd71
SSDEEP

12288:6pWvULtx0eFQ4+zoL/sB14b/FmQxXXzb9wZptR4b9wZptRUyoIOJ3:6pTx5FQ5oL/sB1cFm8X9yi9ygPB

Score

10^/10

gozi 555756 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

555756

C2

http://logonn.biinng.com

http://78.153.130.9

http://llogiin.biinng.com

http://45.15.157.239

Attributes

base_path
/zerotohero/
build
250257
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  1.exe
- Size
  
  483.3MB
- MD5
  
  ca761afa8264a781e555d337bcb57c7b
- SHA1
  
  e09b037007012e597d571334c495942af7ebc7c5
- SHA256
  
  e9137b6ffb34aff26d446c5083628fb06722d261e61db322292746e85f024c11
- SHA512
  
  db154691bbba4335cc88877c0739970acbf347e601f0a6f0316decb2c86d1ceff79aa57ef8904fe87627c574f74c39dc2d11fd994a37368b57d1b695837fbd71
- SSDEEP
  
  12288:6pWvULtx0eFQ4+zoL/sB14b/FmQxXXzb9wZptR4b9wZptRUyoIOJ3:6pTx5FQ5oL/sB1cFm8X9yi9ygPB
Score

10^/10

gozi 555756 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi555756bankerisfbtrojan

behavioral2

gozi555756bankerisfbtrojan