gozi | 8bb04ebea49b92e090b777efedfa44c8aa881a5531a0791f7f2404d0d50f9963 | Triage

Sharing

General

Target

Organizzazione.url
Size

192B
Sample

231003-kvq4msbd53
MD5

52aa02b4f67f2f504fcb991e6d094e58
SHA1

87e772a1597eba6b20bb750fd79c9ac30738229a
SHA256

8bb04ebea49b92e090b777efedfa44c8aa881a5531a0791f7f2404d0d50f9963
SHA512

e5baa8bbce30f1ca6c64705b9145454857c02f2a27308fc27b07c145517cbd3ccbde2cb57f94459df9fe4311a82cb3607f097a6219286f1d9eca44b953d54be4

Score

10^/10

gozi 5050 banker dave isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

46.8.210.250

31.41.44.9

185.247.184.139

62.72.33.155

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Organizzazione.url
- Size
  
  192B
- MD5
  
  52aa02b4f67f2f504fcb991e6d094e58
- SHA1
  
  87e772a1597eba6b20bb750fd79c9ac30738229a
- SHA256
  
  8bb04ebea49b92e090b777efedfa44c8aa881a5531a0791f7f2404d0d50f9963
- SHA512
  
  e5baa8bbce30f1ca6c64705b9145454857c02f2a27308fc27b07c145517cbd3ccbde2cb57f94459df9fe4311a82cb3607f097a6219286f1d9eca44b953d54be4
Score

10^/10

gozi 5050 banker dave isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi5050bankerdaveisfbtrojan