gozi | 5cc3089e6115e50b2b1182b5789124c3d8386e7525eab3946984ff79ce47ff23 | Triage

Sharing

General

Target

12122960167.zip
Size

140KB
Sample

231002-p42zqace59
MD5

83f523f78267fef004ad1494ce4104e0
SHA1

95412ddfae651131f7021b3527df2fa21ff56d9b
SHA256

5cc3089e6115e50b2b1182b5789124c3d8386e7525eab3946984ff79ce47ff23
SHA512

2fe476cb9af827e264a599f07a639ed9434fe6ab24fa869cd5208171e27729991664b1803b1f456e3dcdc8ea1a616b959d426073bec4e0855720953e8b8616c6
SSDEEP

3072:Mhb2JermS8zV7LW++JbrlQxpNI3YfdHUunHxDOPZKjxnQul:MMJeGzxLwJtWPII1nDOPYiul

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.204

Attributes

base_path
/jerry/
build
250255
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  cb652995b061a5269f7e4f51a01c2282108c307fcddd043a0d8ceae29c795cff
- Size
  
  241KB
- MD5
  
  6a8250fc42834f3ee7923c6fbc419296
- SHA1
  
  01a8b47f3690f09665f5624bda8ec733234dd526
- SHA256
  
  cb652995b061a5269f7e4f51a01c2282108c307fcddd043a0d8ceae29c795cff
- SHA512
  
  67e7b9366d0d6e3754f501f341b820556a3dd2cc4288c1c56ff0b12285104a1d45a534f7af37bdf42ab5d843eab8b68e7fbc7d5b3233d784c6d59cf3791802e8
- SSDEEP
  
  6144:hwBleesZTUgRttGQn0yf5tk3Etd9F4veS:sge6aQZ5tLIe
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan