gozi | bec6228157ea77b37b4e021cceba5002f587b3461677bf18b93fd5d29fa6403e | Triage

Sharing

General

Target

1ff3761d62cc5ee7c888a8c1bdd9d1ac.bin
Size

405KB
Sample

230720-bjasvaca52
MD5

b95f93b016b90a03a118642613601807
SHA1

18d278ead689dc9b612d763b7680b79fb2257cbf
SHA256

bec6228157ea77b37b4e021cceba5002f587b3461677bf18b93fd5d29fa6403e
SHA512

101f191969dff62c80b96e490e6d1118b842067fcd489d37615fecdd4a14207a5c34280b969be56735fb6d7e3c4b443754b184ef391d4c877d8af038e4abb3b8
SSDEEP

12288:I4+/Uf8cuMXKJsCmOKG/BgFX8zdHR7mUIfoBO:I4LpIp66zvmU9Y

Score

10^/10

gozi 20000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20000

C2

http://45.11.182.38

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4.dll
- Size
  
  802KB
- MD5
  
  1ff3761d62cc5ee7c888a8c1bdd9d1ac
- SHA1
  
  093cb13d256ff3e367cc8c60fe68f96582a35f29
- SHA256
  
  f8a1d78eb7691f90053a5d7ad70588bed4c4a5cdd7bc949c368d8c2bc62f95c4
- SHA512
  
  ada337d5aabdae0eb14001e44c56f5be72aa9aafb27a45f61356e0be9f4a0f96dd55d5dfa71cce674f856609af315007ab3ebb5af9daebde6d446912535547af
- SSDEEP
  
  12288:/+WNeJLmTo/dgvHKRNR7PlB5D9Di/2ytQLP647vpvWhRodzXo/fGRAkMwFroD:/+Q46To/dgPOVP35ZWrs6kvonx6o
Score

10^/10

gozi 20000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi20000bankerisfbtrojan

behavioral2

gozi20000bankerisfbtrojan