General

  • Target

    79c68cde8f43d762c4ecb97d359fc9c4.bin

  • Size

    405KB

  • Sample

    230720-b4e83acf5z

  • MD5

    57433071b7653f7c5488a26dd07db5f5

  • SHA1

    3526c23661d00599643c59409e2ebd08852801c6

  • SHA256

    50df34c32a8f586bc617bd6d1dd2edcaaf91d02b42537c9d53b33e8113293cce

  • SHA512

    41af314604f679621f11e1f68486fa657f4c5c575099bf168e0c6c0ccba0b7ae4df5a8fc0a58afd7e52852cf4b1cc20464f92226de3c8bf4e63203af28ce3e86

  • SSDEEP

    12288:/xi1BhHfEN2AeBxSDGQeE5TdRXH3tcDs31:sGuxSH5THtJ31

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes
  • base_path

    /zerotohero/

  • build

    250260

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

  • rsa_pubkey.plain

    (key material not shown in this report)

  • aes.plain

    (key material not shown in this report)
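The configuration above is raw sandbox output; the next step for an analyst is to turn it into hunting indicators. Three of the C2 hosts are typosquats of yahoo.com and bing.com (yaho1o, yaheoo, bi1ng), the rest are bare IPs, and base_path is the URI prefix the loader is configured to use. The Python below is an added example written for this page, not code from the sandbox or from Gozi. The config dictionary is copied from the report; the brand list, the digit-stripping edit-distance lookalike heuristic, and the Suricata rule skeleton (with a placeholder sid) are assumptions.

```python
"""Turn the Gozi config above into hunting indicators.

Added example for this page; not code from the sandbox or from Gozi.
Config values are copied from the report. The brand list, the lookalike
heuristic and the Suricata rule skeleton are assumptions.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed from the "Malware Config" section of the report above.
EXTRACTED_CONFIG = {
    "family": "gozi",
    "botnet": "20000",
    "build": "250260",
    "server_id": "50",
    "base_path": "/zerotohero/",
    "extension": ".asi",
    "c2": [
        "http://45.11.182.38",
        "http://79.132.130.230",
        "https://listwhfite.check3.yaho1o.com",
        "https://lisfwhite.ch2eck.yaheoo.com",
        "http://45.155.250.58",
        "https://liset.che3ck.bi1ng.com",
        "http://45.155.249.91",
    ],
}

# Assumed brand list for the lookalike check (not taken from the report).
BRANDS = ("yahoo", "bing", "google", "microsoft")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(hostname: str):
    """Return the brand a hostname label imitates, or None.

    Assumed heuristic: drop digits from each non-TLD label, then accept a
    brand at edit distance <= 1 ('yaho1o' -> 'yahoo', 'yaheoo' -> 'yahoo',
    'bi1ng' -> 'bing').
    """
    for label in hostname.lower().split(".")[:-1]:
        stripped = re.sub(r"\d", "", label)
        if len(stripped) < 3:
            continue
        best = min(BRANDS, key=lambda brand: levenshtein(stripped, brand))
        if levenshtein(stripped, best) <= 1:
            return best
    return None


def classify_c2(urls):
    """Split C2 URLs into raw IPs, hostnames, and hostnames flagged as lookalikes."""
    ips, domains, lookalikes = [], [], {}
    for url in urls:
        host = urlsplit(url).hostname
        try:
            ipaddress.ip_address(host)
            ips.append(host)
            continue
        except ValueError:
            pass
        domains.append(host)
        brand = lookalike_brand(host)
        if brand:
            lookalikes[host] = brand
    return {"ips": ips, "domains": domains, "lookalikes": lookalikes}


def suricata_uri_rule(base_path: str, sid: int) -> str:
    """Suricata 5+ rule: request URI starts with the configured base_path.

    Assumed skeleton; sid is a placeholder for the reader's local range.
    """
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any "
        f'(msg:"Gozi/ISFB C2 base_path {base_path}"; flow:established,to_server; '
        f'http.uri; content:"{base_path}"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def build_iocs(config: dict, sid: int = 1000001) -> dict:
    """Combine the pieces into one indicator bundle for blocklists and NIDS."""
    iocs = classify_c2(config["c2"])
    iocs["uri_rule"] = suricata_uri_rule(config["base_path"], sid)
    iocs["context"] = {k: config[k] for k in ("family", "botnet", "build", "server_id")}
    return iocs


if __name__ == "__main__":
    import json
    print(json.dumps(build_iocs(EXTRACTED_CONFIG), indent=2))
```

IPs and domains are emitted as separate lists because they go to different controls (firewall blocklist versus DNS sinkhole), and the lookalike map is what you would hand to whoever reviews proxy logs for the campaign's decoy hostnames. The base_path rule is deliberately narrow: it only fires on URIs that begin with the configured prefix, so treat it as a starting point and pair it with the host and IP indicators rather than relying on it alone.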

Targets

    • Target

      f08827fd5dba2f6ffda8f931b5f2e1c18012b74ed753ea76a0a511e095eb1648.dll

    • Size

      803KB

    • MD5

      79c68cde8f43d762c4ecb97d359fc9c4

    • SHA1

      05b04bc2e3a9c406b37fa7ba4c4b70deacae8b16

    • SHA256

      f08827fd5dba2f6ffda8f931b5f2e1c18012b74ed753ea76a0a511e095eb1648

    • SHA512

      c6e261544ea80b982397d42a80023ea20694bb7296284e6ab77fc7615af64c2d14b39187088c26e5536cbe435eac9f89297ad85b2513cbe97d5bf380e253ebef

    • SSDEEP

      12288:OU+W2RNfboq2Fxto4obJj6eO/VTzFGF1d3Of1ZB4kd8AzVhml7wIKHaP:p+TNfsq239obV6pNXIF1sN4kdJmpO6P

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; this sample's config identifies it as a loader build.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks