gozi | f30c5ed2af4436ac9fd0a2111f8893a91c9062329039f0ed2855319d8c24d1df | Triage

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 11:02

Sharing

Report Analysis Logs

General

Target

thegradcafe.exe
Size

396KB
MD5

e5016a6e719b2100ba672ae173ac9a64
SHA1

315be96c1d9a7e8ea0867a4744f6b064ed6b3670
SHA256

a650279899a57cbf1e21d1e481bb02e10715df746f987999a67253ae8390c4d5
SHA512

71f2e728a36cfe195e500995101bb0b0b67fa027caf338df3be87f6a9424052a59d39a19317916d97dd6882c4b4ab508b33d7de5181be70c9be20aa27d404980
SSDEEP

6144:cvTbxcq8gPFK3gbJEESsJ5YqA+cv7PCfpHVyVf:6yq9t6sEFUPEjP2pHVyVf

Score

10^/10

gozi 444 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

444

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\thegradcafe.exe
"C:\Users\Admin\AppData\Local\Temp\thegradcafe.exe"
1⤵
PID:1744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-0-0x0000000000280000-0x000000000028D000-memory.dmp

Filesize
52KB

Download
memory/1744-1-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1744-2-0x00000000003B0000-0x00000000003BD000-memory.dmp

Filesize
52KB

Download
memory/1744-5-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download