gozi | d6ec850bc76c09b3b61eba88f65d3eb5c82dd2e9cdd007971c74a43e1244f6f8 | Triage

Sharing

General

Target

Informazioni.zip
Size

332B
Sample

231010-rmt9naea4t
MD5

eae090d5b3e4f1dc4d743b6d14e2c2ce
SHA1

628a80175fa0ac52de2bd4f4fcc43b9dfd425e42
SHA256

d6ec850bc76c09b3b61eba88f65d3eb5c82dd2e9cdd007971c74a43e1244f6f8
SHA512

64a2cd09bba55bf3ff00b828eadc07acb7dcacc223521b1ed028e7a7941aab00ad8475c19e272d63dc9ec853889c7737df5d540e5b20ab8917457c20c5f8d76d

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

45.93.139.24

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Informazioni.url
- Size
  
  194B
- MD5
  
  71f0e30a7451930cd63fe6b7438489b8
- SHA1
  
  eadfb1b7d1e86c13ca0d19636f002cc1d238fc6e
- SHA256
  
  a0ba5ae2de98ecfe756c52976f8449177212dea143f8ab4c47c4c99f97c6517d
- SHA512
  
  a928b4237a9e31a6b8be8b2e1b89cb5268e3438c63a8cd33c8b660d0679593a6976ce14d719b608e478c42e8e665731bf481c57de0144a1e7cc1b1d7f3663947
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi5050bankerisfbtrojan