gozi | 0c21cc2b9bf1e49a8b2eada21a695170c89a52fe209b13c6b136cb189fd62abb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12e493f7a5f1d8487239d477631457b9
Size

524KB
Sample

230822-z8xkxafe24
MD5

12e493f7a5f1d8487239d477631457b9
SHA1

5a1173f347eb6d0bf3d76606008c4bee0dac65e0
SHA256

0c21cc2b9bf1e49a8b2eada21a695170c89a52fe209b13c6b136cb189fd62abb
SHA512

401a05b5ae15aae6b66191ef310946d2cdfcb74aea4b54c72d173d5d2c91541109808e8db26d988191c183f014595c628883656a157e6275bf72da20386430a5
SSDEEP

12288:q1DmCRaGA1J9NlMn1zn+AWkCDb8we0Yz2yCHBhaaB8O:IKCYTza1zNWkAQZ0M2yCj

Score

10^/10

gozi 555000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

555000

C2

http://185.212.47.65

http://45.155.249.172

http://78.138.9.136

http://79.132.130.230

https://listwhfite.check3.yaho1o.com

https://lisfwhite.ch2eck.yaheoo.com

http://45.155.250.58

https://liset.che3ck.bi1ng.com

http://45.155.249.91

Attributes

base_path
/zerotohero/
build
250260
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  12e493f7a5f1d8487239d477631457b9
- Size
  
  524KB
- MD5
  
  12e493f7a5f1d8487239d477631457b9
- SHA1
  
  5a1173f347eb6d0bf3d76606008c4bee0dac65e0
- SHA256
  
  0c21cc2b9bf1e49a8b2eada21a695170c89a52fe209b13c6b136cb189fd62abb
- SHA512
  
  401a05b5ae15aae6b66191ef310946d2cdfcb74aea4b54c72d173d5d2c91541109808e8db26d988191c183f014595c628883656a157e6275bf72da20386430a5
- SSDEEP
  
  12288:q1DmCRaGA1J9NlMn1zn+AWkCDb8we0Yz2yCHBhaaB8O:IKCYTza1zNWkAQZ0M2yCj
Score

10^/10

gozi 555000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi555000bankerisfbtrojan

behavioral2

gozi555000bankerisfbtrojan