General

  • Target

    b334e0d09cea851bd72d2346526a8bfd15a5dbd5ed4a36f0d0fd603a04b4e48f.zip

  • Size

    188KB

  • Sample

    230824-zcklgafd88

  • MD5

    9f7bb4d4cc7b4745abb82f0b4252f0c5

  • SHA1

    1b26fb2d3ea7649947e418db0347b3a5d6416256

  • SHA256

    95bb46185c352b770ee7bb43ef8635058fc180879d6de6627991e06468329042

  • SHA512

    5b7f3b241b94066a7a6f050390f904d7b80899f8d38fb52632bf41814669cb9a3a72ffa3a5ae5a253681cee26eaa1e52d367b27e0c2f0c08e33de1ac88f74a5c

  • SSDEEP

    3072:klYiI/ePxskk5t73lPTuDKjQSycqLVNAseisry0bX65yS2OPd2rxwnNZxh9G:WYiuePxzk3JT+8Qlc87KNnlSBdsxeO

Malware Config

Extracted

Family

gozi

Attributes
  • build

    217112

Extracted

Family

gozi

Botnet

2000

C2

ad1.wensa.at/api1

nort.calag.at/api1

Attributes
  • build

    217112

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

    193.183.98.66

    51.15.98.97

    94.247.43.254

    195.10.195.195

    8.8.8.8

  • exe_type

    loader

  • server_id

    730

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Target

      b334e0d09cea851bd72d2346526a8bfd15a5dbd5ed4a36f0d0fd603a04b4e48f

    • Size

      847KB

    • MD5

      2368e9e529ee85a9c57efae72ee32a63

    • SHA1

      6c9c1510ca27b115323ff2c11f004fbcb7bf03f8

    • SHA256

      b334e0d09cea851bd72d2346526a8bfd15a5dbd5ed4a36f0d0fd603a04b4e48f

    • SHA512

      a9146dfcf5b0fbe3491898257373c526dfba2b782e45e911b7490a661eed295081c6858eeb7b574f9dfa23b6ede7ba17f2e78e53b3c5613dc07c19d5c89e0c60

    • SSDEEP

      6144:DSI4WZ5LeyWnPuoWD8TgkcObHofZMMKzqXCFdlXYkq8xM2dC0tk2+NEImlKiYebD:D/4r

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

  • Defense Evasion

    Modify Registry (1): T1112

  • Discovery

    System Information Discovery (1): T1082

Tasks