gozi | ac2e0ea966d0a2d648fc6681c61f86617bd9acb960efda7d17521e3ebaaf3a36 | Triage

Sharing

General

Target

3939.7z
Size

337KB
Sample

230718-wjkm9sdg4v
MD5

579f9bd0dede301f7442eb5ee6a0d35a
SHA1

7fdfffb492298a0755adf6a16b6743aa89322c97
SHA256

ac2e0ea966d0a2d648fc6681c61f86617bd9acb960efda7d17521e3ebaaf3a36
SHA512

757d3c52201e4a3d64b5551a73f3e9d39a2601e65c34c85bfa4625b41ed1d065211f2ac3ec44db8a62cd078d478e04918363d0c585870e0ca4d63507e697dc6a
SSDEEP

6144:vvapfDMvWQakRSo2Dc12e7mXQafMuTiA4g+iSIMT7DimmAydomjo4rVds6QN:vvahAvrpRSDO56XnR+iSIOBm9P3s1

Score

10^/10

gozi 20000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  3939.dll
- Size
  
  803KB
- MD5
  
  79c68cde8f43d762c4ecb97d359fc9c4
- SHA1
  
  05b04bc2e3a9c406b37fa7ba4c4b70deacae8b16
- SHA256
  
  f08827fd5dba2f6ffda8f931b5f2e1c18012b74ed753ea76a0a511e095eb1648
- SHA512
  
  c6e261544ea80b982397d42a80023ea20694bb7296284e6ab77fc7615af64c2d14b39187088c26e5536cbe435eac9f89297ad85b2513cbe97d5bf380e253ebef
- SSDEEP
  
  12288:OU+W2RNfboq2Fxto4obJj6eO/VTzFGF1d3Of1ZB4kd8AzVhml7wIKHaP:p+TNfsq239obV6pNXIF1sN4kdJmpO6P
Score

10^/10

gozi 20000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi20000bankerisfbtrojan

behavioral2

gozi20000bankerisfbtrojan