General

  • Target

    Cliente.zip

  • Size

    320B

  • Sample

    231010-pg6dmadd51

  • MD5

    8302c970740f1b604a4a7d82c94cfe4b

  • SHA1

    d4231aef9903c6c31411c85f5642ea52950caa94

  • SHA256

    433c422e6f77272d13d7cb0049aa6e24dd9da5c7f2017f7e5249ab8524b5cb27

  • SHA512

    c41494c464b7dfd17bc1d3f4324c29de2e8c8a85324b65e55e51f509dd2e99a4519cfce6891222940092ef95a3094895af2e27abc9f2163ebeaa69a9ab75ee57

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

193.203.162.14

Attributes

  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      Cliente.url

    • Size

      191B

    • MD5

      3fca98849887f4640255b50f69ee9206

    • SHA1

      d560638acf8911800b080809c1c5dee4eb2b9d9d

    • SHA256

      420c6c6ee2d0fb0c3797a919419fda32987ce9e58d0c121e278856d9e0615ce1

    • SHA512

      3e979b15552ebf16e2e4e7a061cf7bf8eab8d681cbc263af0d62b3752ff6a6743c3c9b7913f9caa7c4a6cc64ad84d7b250a39bd3507c40af8b86c2239e18bd8f

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks