gozi | a43f7e57a2a6e00480baf95d1e9c82332796fbb4b4873046bd1ac9bca4f68075 | Triage

Sharing

General

Target

Documenti.zip
Size

326B
Sample

231010-pg6pdsdd6s
MD5

902f6266e8e0b95c2801839ecd926a29
SHA1

989ec5b1787b96a81f8535df4e0f8debcbdc8132
SHA256

a43f7e57a2a6e00480baf95d1e9c82332796fbb4b4873046bd1ac9bca4f68075
SHA512

99892a65bf036d927970a8cf3377d62681771052ae296c08f003f977f30883fdc14d9c8c0726d037f5e340d3fed2a7d918e2ee7545a66219e4569769709206e0

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

45.93.139.24

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Documenti.url
- Size
  
  193B
- MD5
  
  605a545fcf4bdb9f72cccce6f96c3b00
- SHA1
  
  3f46e6be5166cbe2e998f82d7bc43485c26ddbcf
- SHA256
  
  96a8224726b8ce8b29315536fb4b1ed66f568f9a97c0d630316dba3e5b6a5a3e
- SHA512
  
  9a70438d175c889d05e97e69ad284a5f206aa7b8267f3e7c33ee8413580bbc83dec603d16ad30550e046badbc1650ab742e02781880e7a11ae9abe0983dfbd0e
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

gozi5050bankerisfbtrojan