gozi | f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4 | Triage

Sharing

General

Target

f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4.bin.dll
Size

802KB
Sample

230718-s8rw4acf4t
MD5

1ff3761d62cc5ee7c888a8c1bdd9d1ac
SHA1

093cb13d256ff3e367cc8c60fe68f96582a35f29
SHA256

f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4
SHA512

ada337d5aabdae0eb14001e44c56f5be72aa9aafb27a45f61356e0be9f4a0f96dd55d5dfa71cce674f856609af315007ab3ebb5af9daebde6d446912535547af
SSDEEP

12288:/+WNeJLmTo/dgvHKRNR7PlB5D9Di/2ytQLP647vpvWhRodzXo/fGRAkMwFroD:/+Q46To/dgPOVP35ZWrs6kvonx6o

Score

10^/10

gozi 20000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4.bin.dll
- Size
  
  802KB
- MD5
  
  1ff3761d62cc5ee7c888a8c1bdd9d1ac
- SHA1
  
  093cb13d256ff3e367cc8c60fe68f96582a35f29
- SHA256
  
  f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4
- SHA512
  
  ada337d5aabdae0eb14001e44c56f5be72aa9aafb27a45f61356e0be9f4a0f96dd55d5dfa71cce674f856609af315007ab3ebb5af9daebde6d446912535547af
- SSDEEP
  
  12288:/+WNeJLmTo/dgvHKRNR7PlB5D9Di/2ytQLP647vpvWhRodzXo/fGRAkMwFroD:/+Q46To/dgPOVP35ZWrs6kvonx6o
Score

10^/10

gozi 20000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi20000bankerisfbtrojan

behavioral2

gozi20000bankerisfbtrojan