General

  • Target

    0d2511161fce23fd7ed1f42c3c077ea4.bin

  • Size

    418KB

  • Sample

    231012-3t6f2shb24

  • MD5

    0d2511161fce23fd7ed1f42c3c077ea4

  • SHA1

    b6c68fce0fe3a8e5c4ed343466fd964ae02f69eb

  • SHA256

    f3cf3437652b4239300016a7018d65b78cd9f7aa48c4345c508aa1d8a74f5a34

  • SHA512

    3e4fb2aa324ad52b13159f1571b218dbc864f8040f98d0c96cce8f216cf936825da4ac9ded3d6220fca30b3c3200f3e59a34c41e27599681df28af5cfd2e8208

  • SSDEEP

    6144:fSvBpvEok/OtV2LzICVARTQOttGMC9b+TkV3YgxANIeNCAP5G9c6OjgK6R:fSppk2b2HbVmTjPrOjVIgxsIKire6R

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2000

C2

trackingg-protectioon.cdn4.mozilla.net

194.76.225.37

trackingg-protectioon.cdn5.mozilla.net

185.212.44.249

109.230.199.185

Attributes
  • base_path

    /fonts/

  • build

    250246

  • exe_type

    loader

  • extension

    .bak

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
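The extracted configuration above gives the indicators a defender would hunt for: two C2 hostnames under mozilla.net whose doubled letters mimic Mozilla's real tracking-protection.cdn.mozilla.net CDN host, three C2 IP addresses, and the base_path and extension attributes. The script below is an added example, not part of the report or any Gozi tooling. It matches those indicators against constructed proxy log lines (the log format, the sample records and the assumption that the loader builds request URIs as base_path + data + extension are all the example's own; that URI shape is treated as a weak signal on its own and only escalated when the host or IP also matches):

```python
"""Match the Gozi IOCs from the extracted config against proxy log records."""
import ipaddress
import re
from dataclasses import dataclass

# Indicators copied from the extracted Gozi config on this page.
C2_HOSTS = {
    "trackingg-protectioon.cdn4.mozilla.net",
    "trackingg-protectioon.cdn5.mozilla.net",
}
C2_IPS = {ipaddress.ip_address(a)
          for a in ("194.76.225.37", "185.212.44.249", "109.230.199.185")}
BASE_PATH = "/fonts/"   # config attribute base_path
EXTENSION = ".bak"      # config attribute extension

# Assumption (not stated on the page): the loader requests URIs shaped like
# base_path + <encoded data> + extension. Such a URI alone is only a weak signal.
URI_RE = re.compile(
    r"^" + re.escape(BASE_PATH) + r"[^\s?#]+" + re.escape(EXTENSION) + r"(?:[?#]|$)"
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    severity: str        # "high": host or IP matched; "low": only the URI shape matched
    host: str
    dst_ip: str
    path: str
    reasons: tuple


def parse_line(line: str):
    """Parse one constructed proxy record: ts src_ip host dst_ip method path.
    Returns None for records that do not have exactly six fields."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src_ip, host, dst_ip, method, path = parts
    return {"ts": ts, "src": src_ip, "host": host.lower().rstrip("."),
            "dst_ip": dst_ip, "method": method, "path": path}


def scan(lines):
    """Return a Hit for every record that matches at least one indicator."""
    hits = []
    for n, line in enumerate(lines, start=1):
        rec = parse_line(line)
        if rec is None:
            continue                      # skip malformed records rather than crash
        reasons = []
        host_hit = rec["host"] in C2_HOSTS   # exact match: the real Mozilla host does not fire
        if host_hit:
            reasons.append("host is a Gozi C2 hostname")
        ip_hit = False
        try:
            ip_hit = ipaddress.ip_address(rec["dst_ip"]) in C2_IPS
        except ValueError:
            pass                          # dst_ip field was not an IP address
        if ip_hit:
            reasons.append("destination is a Gozi C2 IP")
        if URI_RE.match(rec["path"]):
            reasons.append("URI matches base_path/extension shape")
        if not reasons:
            continue
        severity = "high" if (host_hit or ip_hit) else "low"
        hits.append(Hit(n, severity, rec["host"], rec["dst_ip"], rec["path"], tuple(reasons)))
    return hits


# Constructed sample records (not taken from the page); IPs for non-C2 hosts use
# documentation ranges. Fields: ts src_ip host dst_ip method path
SAMPLE_LOG = [
    "2023-10-12T15:01:02Z 10.0.0.5 tracking-protection.cdn.mozilla.net 203.0.113.10 GET /safebrowsing/list.pb",
    "2023-10-12T15:01:09Z 10.0.0.5 trackingg-protectioon.cdn4.mozilla.net 194.76.225.37 GET /fonts/abcD3f/xyz.bak",
    "2023-10-12T15:02:30Z 10.0.0.7 example.org 185.212.44.249 POST /upload",
    "2023-10-12T15:03:11Z 10.0.0.9 cdn.example.net 198.51.100.7 GET /fonts/roboto.bak?v=2",
    "2023-10-12T15:04:00Z 10.0.0.9 example.com 198.51.100.8 GET /fonts/roboto.woff",
    "2023-10-12T15:05:00Z 10.0.0.5 broken",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.severity:4s} {h.host} {h.dst_ip} {h.path} <- {'; '.join(h.reasons)}")
```

The exact host match is deliberate: a substring or suffix match on mozilla.net would flag the genuine CDN host on the first record, which is exactly the confusion the doubled-letter names are designed to create. Record 4 shows why the URI shape alone is scored low; a /fonts/ path ending in .bak to an unlisted host is worth a look but is not evidence of this C2 on its own.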

Targets

    • Target

      9df2cd176847f07857b11db10acfd4cb9fe93195dccb4f9c4689bce411ccba67

    • Size

      300.2MB

    • MD5

      2868653fa71fced479f0902305aee1e6

    • SHA1

      21e637f67b84faa1c9e0441db085fde03479e877

    • SHA256

      9df2cd176847f07857b11db10acfd4cb9fe93195dccb4f9c4689bce411ccba67

    • SHA512

      5c355a1bd18f0df53c8c941b2dade2747919f2ac0806c95fbfd3a12505df8436ec2ac56299cffe97da6fe3ad03d9ee9e1acde0651113726c4b21902ee3fc1160

    • SSDEEP

      3072:Ojpne854ZHT1OmSmMcHWaAMG1JzBsQ0UJ/Pk8In:8ejO4dHWaNZ

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The configuration extracted above identifies this sample as a Gozi loader (exe_type loader, build 250246, botnet 2000, server_id 50).
