gozi | 2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8 | Triage

Sharing

General

Target

2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8_JC.zip
Size

144KB
Sample

231012-pjswbahh6y
MD5

997084c843240b6888fcb9c7ec16e20b
SHA1

81909ad4030dfa20ac3cbaad69fcaaad1bb68e30
SHA256

2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8
SHA512

886aabc98715361ba866f06ac09e9d0d325cb01ec07d4f72e943e935cf8694ace2e17ee8e4c824e0ea59a92b47899cb348be8eab90a2fef65ffaf986da49894b
SSDEEP

3072:Z8jdhrqF1xzAckzdQesxtm0TzXDJaqlf3G/6O:Z8jv0xzS5dsSyTJrO

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  scarica.exe
- Size
  
  215KB
- MD5
  
  24b7a0d1103f1cd63d5c50a306c28a25
- SHA1
  
  11a7929ac6e59f47c8c2f8d47e4fae752a0f70fc
- SHA256
  
  4151f81469e5278e9381d10485efbe66e4ca5d8c2f863aa4c3df8e577dc96614
- SHA512
  
  549d24fc6b00e0a62930712063b96318f8aa31e5cac5c870582b7a04d9716f87ca0291f6e51a3dfe1e943ea9ef9f6ec68d181a2b44879f6039c4014d18181e54
- SSDEEP
  
  3072:aAX04aiteLTH/KeF6JLg6l8qtm0TzXDJaqzy7dU5TqSITtyl:P04FteLjyeF6WAQyTJzy7d+qSITk
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan