General

  • Target

    12135062398.zip

  • Size

    120KB

  • Sample

    231004-t4hnasda7y

  • MD5

    fa6b12ab230f1f836101753945618024

  • SHA1

    9475660216e40d6d28df6dd15c96882984d9940c

  • SHA256

    3a98810128e59a060f293441bc7fd1aeebfd5a1673174fcb849bcbbdbfcaeaeb

  • SHA512

    86942859bf9bdf9516295c851c731718d8d7bdd161f18500b3fde4aa070994cfac3b6c99950465cece04146a92700397dcd583955e3386959239dbc68f3feabe

  • SSDEEP

    3072:ci/NZH1oIu1zL+0hZx/UliKQRDpOuVicU1zi319u9bm1:ckZVoIu1zhZxQQLOsIslM9bm1

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    2000

  • C2

    trackingg-protectioon.cdn1.mozilla.net

    194.76.225.164

    185.158.251.205

  • Attributes

    base_path: /fonts/

    build: 250240

    exe_type: loader

    extension: .bak

    server_id: 50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      988525c97ae50a2db8e5bcf509c5b77a88ccffeb8ac90515628bc4fd2db5061d

    • Size

      290KB

    • MD5

      d9ae3e6545ad06996ef751ac27ada0e6

    • SHA1

      ce159cc1ec1e612e8b607397f79630865351c166

    • SHA256

      988525c97ae50a2db8e5bcf509c5b77a88ccffeb8ac90515628bc4fd2db5061d

    • SHA512

      90508e940ce27239c0137671fb0c9aaebf1a30c04bc7bc80dec940071ff3917b854afb63ab2794abb372b8b729ab4af7aa29ccfe6401a532c818eb95fee3a10c

    • SSDEEP

      3072:61AU3IvzS2dlTUmCaIbzxLJKgWnINK/dcxEOWsiCEMFmjWDtk:xlUVBDonxk3WsjhF/

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks