gozi | 4d25257ecb5f00400cee90f0b96eb48ee9bc15539c06b7d661038cfc275a21d3 | Triage

Sharing

General

Target

Cliente.zip
Size

322B
Sample

231010-pwrtsade31
MD5

ce48f6daaeb73f0d9879ab3554a77f1d
SHA1

61d86b940a4706075c6c4eda2fce6ad502c0064e
SHA256

4d25257ecb5f00400cee90f0b96eb48ee9bc15539c06b7d661038cfc275a21d3
SHA512

a3fc58857d03908a1cff73d101948edf9014c013483b98a8cda50bcee3e1e22a99a35f36b6363f45439d14609458bb56d8a9f4369e7dab41c1ff6c86c592c83e

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

45.93.139.24

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Cliente.url
- Size
  
  193B
- MD5
  
  9c1dcd25ee65745e3f0fc5ee187277ab
- SHA1
  
  819fe69f437a44eb02b4d4adfad50b1d6d685cbf
- SHA256
  
  af0de9d1c38ade4fcdca65f63931ce325a0c0c1ab16518bed11cc3ae6fecd0b9
- SHA512
  
  f155feeab684a22cf526eaf3e4c93a75a0bf0dc681083f1f792a228f5527290ebedc20b764a49595bc660c8b0c079e82484f0032a9d99281478184fc7d8ec1e6
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi5050bankerisfbtrojan