gozi | f30c5ed2af4436ac9fd0a2111f8893a91c9062329039f0ed2855319d8c24d1df | Triage

Resubmissions

27-09-2023 18:28

230927-w4n67adc71 10

27-09-2023 18:24

230927-w1438sef63 10

Sharing

General

Target

69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip
Size

220KB
Sample

230927-w4n67adc71
MD5

e8b79ed5a785d48bca5cfa1bc5e048a5
SHA1

dff912acb42c27a46dd2f99d504ff0e4727cfe16
SHA256

f30c5ed2af4436ac9fd0a2111f8893a91c9062329039f0ed2855319d8c24d1df
SHA512

cf6c031cc387602924c3849e16cd9d35481c8e84f9d7875d8c3b46db367d7150bdf09210c3875d9136502c5b7c3c67882a5be3d4832d7c3374fc294ccd0bed21
SSDEEP

6144:njAJpJ9l2Lyuq0biRX8pefY2tEvs/EB9OFWiCStoNIIIg83d:jAJG+dimyey9I9oNWt

Score

10^/10

gozi 444 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

444

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  thegradcafe.exe
- Size
  
  396KB
- MD5
  
  e5016a6e719b2100ba672ae173ac9a64
- SHA1
  
  315be96c1d9a7e8ea0867a4744f6b064ed6b3670
- SHA256
  
  a650279899a57cbf1e21d1e481bb02e10715df746f987999a67253ae8390c4d5
- SHA512
  
  71f2e728a36cfe195e500995101bb0b0b67fa027caf338df3be87f6a9424052a59d39a19317916d97dd6882c4b4ab508b33d7de5181be70c9be20aa27d404980
- SSDEEP
  
  6144:cvTbxcq8gPFK3gbJEESsJ5YqA+cv7PCfpHVyVf:6yq9t6sEFUPEjP2pHVyVf
Score

10^/10

gozi 444 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi444bankerisfbtrojan

behavioral2

gozi444bankerisfbtrojan