gozi | 98779991fa44325795e00abb85cb6a12222fd1276af3c215cadcdf2373afc5c5 | Triage

Sharing

General

Target

98779991fa44325795e00abb85cb6a12222fd1276af3c215cadcdf2373afc5c5_JC.zip
Size

150KB
Sample

230929-p73qesca87
MD5

0f664886ef196071b65a482e299123eb
SHA1

302fca038952803a548d1288732b84fe9e1c57ec
SHA256

98779991fa44325795e00abb85cb6a12222fd1276af3c215cadcdf2373afc5c5
SHA512

e569073582db4585fbbfe79dd238cd882f111d1a946b522306f886d6a619590546d9a158e8a001b9e01235eb451799e167a2b000abf881e4818bc4627f0c9487
SSDEEP

3072:yCyVwqsvkzBbwt5ffhazbNFtH8B8tSDXaKcPMjbz9nEDLkktMJIHmbJpRySnzrjd:yCyaqikdM/gzbNFh8BR3cPM2DLkkGH+6

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

netsecurez.com

whofoxy.com

mimemoa.com

ntcgo.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  client.exe
- Size
  
  243KB
- MD5
  
  5443e928a0871e9bc94ea21c7d9afeeb
- SHA1
  
  750e185524650c7e3c1899f09dd310a32a573bb0
- SHA256
  
  a2d1e788f4bb4f2d5e78004374b60c39a7208dcc4e8523eca686719d32bedd4d
- SHA512
  
  f9cd49bb339850e5988edc0e137c7aeee19a80af13f605dbf7154debfad5c95221d74893e60ad5feeba9016d58ef5f0108bf7ab4a5c2615a34a28b97480ab818
- SSDEEP
  
  3072:5W1+V6j0oC9M4d76cPMjbz9nEDL2kYAs5cKWChTrDP:52nwo0Mo76cPM2DL2t+KWSTH
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan