gozi | 12f1fa49ce2f2fd19db6147e547a35625c260b2fec2ecf67de89c837990c5d94 | Triage

Sharing

General

Target

client.exe
Size

360KB
Sample

231009-pvlw5sch7s
MD5

b1f338b2dc731820952a1b879fcb1b00
SHA1

d33b4542f8cb7c318111cf8cff285305bdb85833
SHA256

12f1fa49ce2f2fd19db6147e547a35625c260b2fec2ecf67de89c837990c5d94
SHA512

3d7f0ddc847b8d3a7867835c1e88b1f6a2142bf83d094df29f676aad195ed1e18b48fb5d97cb456602fb81f2ff9c6114f0f87dc3c2acd3bd9f12e3bade551999
SSDEEP

6144:PtZXGw8WTOhrcl8678wdIvPuNkD+7uzXx9QZo9PW4wMdcCfLm:qw8XcV78wZ7uzXbf+0dcwm

Score

10^/10

gozi 5050 banker dave isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

http://iextrawebty.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  client.exe
- Size
  
  360KB
- MD5
  
  b1f338b2dc731820952a1b879fcb1b00
- SHA1
  
  d33b4542f8cb7c318111cf8cff285305bdb85833
- SHA256
  
  12f1fa49ce2f2fd19db6147e547a35625c260b2fec2ecf67de89c837990c5d94
- SHA512
  
  3d7f0ddc847b8d3a7867835c1e88b1f6a2142bf83d094df29f676aad195ed1e18b48fb5d97cb456602fb81f2ff9c6114f0f87dc3c2acd3bd9f12e3bade551999
- SSDEEP
  
  6144:PtZXGw8WTOhrcl8678wdIvPuNkD+7uzXx9QZo9PW4wMdcCfLm:qw8XcV78wZ7uzXbf+0dcwm
Score

10^/10

gozi 5050 banker dave isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Dave packer
  Detects executable using a packer named 'Dave' by the community, based on a string at the end.
  dave
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerdaveisfbtrojan

behavioral2

gozi5050bankerdaveisfbtrojan