General

  • Target

    Azienda.zip

  • Size

    320B

  • Sample

    231010-kya7lacc5y

  • MD5

    d7da4259d5416f58b6363e570e7cb78f

  • SHA1

    aad3971b12b622233c296216456d0a765ef85613

  • SHA256

    9a4543f0a2eef8cb5f8ca9c07b512fd916d45c76c2b4bd2c50c6f8a006ce1c8a

  • SHA512

    b3ffe01d2c1196f9892ec9a0b6049115cf6783b34545a79a8b7b32a102e8d696b373517426876e1b8d6a0cd5cf9c0bb050551d56a9ef2caeb8171568393feb86

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

193.203.162.14

Attributes

  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      Azienda.url

    • Size

      191B

    • MD5

      7d41622bb8e2d0cc1e148b9d536c792b

    • SHA1

      e6c5682c27e11089d168601cd4764f038c084594

    • SHA256

      6d66bf2eb0563f2298843d23431e879c2f7d7354b15e49a8c28c915b295f95cf

    • SHA512

      1524ae1315fd5cf3c54ca3b636c1ce869edcafb789684d9761e1f0feb4e87a74ae909e76e435614715aa61b721690e943b5143613152fd2d5cd2af70052a9b40

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (1)

    T1012

  • System Information Discovery (2)

    T1082

Tasks