gozi

General

Target

e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13_JC.url
Size

192B
Sample

231004-xjz9dseb8s
MD5

aa05bdf7862a64f54d6e281944fb0f51
SHA1

60fe537372be17e284f0121f5da307325da6ca92
SHA256

e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13
SHA512

e471d9b97fc022e3a769a936f37590da9e3f32e76fb5934ffea91ef8c1fb39f719330cb5299fbb38272bb5b34aac8e28ab05bc2180478eb1bca839911a87a302

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

185.247.184.139

62.72.33.155

incontroler.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Extracted

Family

gozi

Botnet

5050

C2

mifrutty.com

systemcheck.top

Attributes

base_path
/pictures/
build
250260
exe_type
worker
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13_JC.url
- Size
  
  192B
- MD5
  
  aa05bdf7862a64f54d6e281944fb0f51
- SHA1
  
  60fe537372be17e284f0121f5da307325da6ca92
- SHA256
  
  e798fb0280fbc91cbb32234af0c55c4c6e16f528f8282057e334c2055ac07d13
- SHA512
  
  e471d9b97fc022e3a769a936f37590da9e3f32e76fb5934ffea91ef8c1fb39f719330cb5299fbb38272bb5b34aac8e28ab05bc2180478eb1bca839911a87a302
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Remote System Discovery

1

T1018

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2