gozi | 5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2 | Triage

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04-10-2023 17:55

Sharing

Report Analysis Logs

General

Target

5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe
Size

294KB
MD5

bb35f8c1a3236ad31c754cdfe795d57f
SHA1

b744f8ae31e2b3f7c3b72b9615823a3a3ad02989
SHA256

5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2
SHA512

fcb8f4458b7a5a4a2536a22ad55e4564ffe3d3327e4eefca10a30bc490ae29c8cc31760e07d567de53150090c84bb171209f1f3811f22d3f69545beb15edd0b0
SSDEEP

3072:4e6lIjmvg7aaCIg0JHk8D8uNhUqHAMMQKL2H/NHIS:4blIavYaaCIg6h/NhUDAHlH

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

185.247.184.139

62.72.33.155

incontroler.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe
"C:\Users\Admin\AppData\Local\Temp\5cd96f6b1e6a4a172d852a7bcf5ad10bf029e135061f0ae5105f45a9920089a2_JC.exe"
1⤵
PID:2144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2144-1-0x0000000000250000-0x0000000000350000-memory.dmp

Filesize
1024KB

Download
memory/2144-2-0x0000000000400000-0x0000000002290000-memory.dmp

Filesize
30.6MB

Download
memory/2144-3-0x00000000001B0000-0x00000000001BB000-memory.dmp

Filesize
44KB

Download
memory/2144-4-0x00000000022D0000-0x00000000022DD000-memory.dmp

Filesize
52KB

Download
memory/2144-7-0x0000000000250000-0x0000000000350000-memory.dmp

Filesize
1024KB

Download
memory/2144-8-0x0000000000400000-0x0000000002290000-memory.dmp

Filesize
30.6MB

Download