gozi | 6f5d5f84f94ac7c9e752f81041e32af4b7c29ac37f94a38048ad143c7ce6c461 | Triage

Sharing

General

Target

6f5d5f84f94ac7c9e752f81041e32af4b7c29ac37f94a38048ad143c7ce6c461_JC.zip
Size

145KB
Sample

231012-pd98eabg45
MD5

14e74ffc9bfc802c6a7686f76d9237f2
SHA1

31fdf39aecf51f671000c102e7eeabd8072a264e
SHA256

6f5d5f84f94ac7c9e752f81041e32af4b7c29ac37f94a38048ad143c7ce6c461
SHA512

ed3d13f8b17c2abdd1ed9723455c265624486573ac675212b552386b1776483b809b315b9f598cc445cbb5e6b54c5cf1477b6b24dd1e9d73eded85cbdb84d266
SSDEEP

3072:3VrZ3nRa5GBxK9z1eDQvU66uZhVaJZzarMHseeRWsZeX0DxydwpIgDH4La:Fr/a5GBUuDQxVabzIMHQRWsZA0DAwtDJ

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  portfolio.exe
- Size
  
  215KB
- MD5
  
  323ae1b1d1832e5d5c13ee6fbfe65a4d
- SHA1
  
  ee1f0aedbaacf442923aa03387759f334f04fea8
- SHA256
  
  9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29
- SHA512
  
  8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a
- SSDEEP
  
  6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan