gozi | 02ba7ec706193f391ef1e7bd3cdd6a374384aa2cb39f81633a1e7e41948c1f7b | Triage

Sharing

General

Target

11591273157.zip
Size

310KB
Sample

230831-q8mahafd47
MD5

5f71b8f49697eda0c9f9ab1b010befa8
SHA1

1d36de7398ebb04d797ad7b0a8dff3ce7f375783
SHA256

02ba7ec706193f391ef1e7bd3cdd6a374384aa2cb39f81633a1e7e41948c1f7b
SHA512

d579a226d95d82f582003469a69128f7e54126bf8ccce42cc6f32c909e6020e49f5c74d974e17f8dd6908cfee5953a9dd35542fcf4efc338e441d4ae95346b9c
SSDEEP

6144:iF37YxxmH3sWD74pggu8IGQqhBQSFMF+h18Yn1vg6sWYX+:Q62fXWQ7C1Mk8Y1vlstO

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

config.edge.skype.com

optinetwork.top

interspin.top

dendexmm.com

Attributes

base_path
/jerry/
build
250249
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  201752c6d4a98d6dc6a693beade4f30097347d1472147b59bed1a4fd91d817cd
- Size
  
  492KB
- MD5
  
  83a4b9b0266a30e52d51aef5317067be
- SHA1
  
  914f2275fa5c061a0bcb8c2b2f094645bda27575
- SHA256
  
  201752c6d4a98d6dc6a693beade4f30097347d1472147b59bed1a4fd91d817cd
- SHA512
  
  f9391e5d3ff7cf4242d1513724ecdf863391e5a7c489443392f8964e24ad75e883f65d01e84b372faba43e4923dff9890e6d3764d2b6ded031726ce91fe57a56
- SSDEEP
  
  6144:gtkZIOdi1a/nGAHSzssd4BxrobrVvEp5HH6ZUNCVcj9lVMJ:ZIuiA/nry9u8HU8UNGA9lVM
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan