General

  • Target

    2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8_JC.zip

  • Size

    144KB

  • Sample

    231012-pjswbahh6y

  • MD5

    997084c843240b6888fcb9c7ec16e20b

  • SHA1

    81909ad4030dfa20ac3cbaad69fcaaad1bb68e30

  • SHA256

    2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8

  • SHA512

    886aabc98715361ba866f06ac09e9d0d325cb01ec07d4f72e943e935cf8694ace2e17ee8e4c824e0ea59a92b47899cb348be8eab90a2fef65ffaf986da49894b

  • SSDEEP

    3072:Z8jdhrqF1xzAckzdQesxtm0TzXDJaqlf3G/6O:Z8jv0xzS5dsSyTJrO

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      scarica.exe

    • Size

      215KB

    • MD5

      24b7a0d1103f1cd63d5c50a306c28a25

    • SHA1

      11a7929ac6e59f47c8c2f8d47e4fae752a0f70fc

    • SHA256

      4151f81469e5278e9381d10485efbe66e4ca5d8c2f863aa4c3df8e577dc96614

    • SHA512

      549d24fc6b00e0a62930712063b96318f8aa31e5cac5c870582b7a04d9716f87ca0291f6e51a3dfe1e943ea9ef9f6ec68d181a2b44879f6039c4014d18181e54

    • SSDEEP

      3072:aAX04aiteLTH/KeF6JLg6l8qtm0TzXDJaqzy7dU5TqSITtyl:P04FteLjyeF6WAQyTJzy7d+qSITk

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.
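As an added example that is not part of the sandbox report, the following Python turns the extracted config (C2 list, base_path, extension) and the two listed SHA-256 values into a small IOC matcher and runs it over constructed proxy-log lines. The request shape base_path/<encoded data>.extension is an assumption about how ISFB-family loaders build their URIs; the log format and the log lines are constructed for the example, and the last line deliberately carries the .bob extension on an unrelated host to show it is not flagged.

```python
"""Added example for the report above (not sandbox or vendor code): use the
extracted Gozi config and the listed SHA-256 hashes as IOCs against proxy logs."""
import hashlib
import re
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" and "Targets" sections.
C2 = ["https://avas1ta.com/in/login/", "192.121.22.216", "http://mimemoa.com"]
BASE_PATH = "/jerry/"
EXTENSION = ".bob"
KNOWN_SHA256 = {
    "2437b398f3796a0f898b7ab9d1fcb07caf43d78d26f6388c3eb19d4598b26fe8": "submitted archive",
    "4151f81469e5278e9381d10485efbe66e4ca5d8c2f863aa4c3df8e577dc96614": "scarica.exe",
}

# Assumption for the example: ISFB-family loaders request base_path followed by
# encoded data and the configured extension, e.g. /jerry/<chunks>.bob. The exact
# encoding of the middle part is not in the report, so it is matched loosely.
BEACON_RE = re.compile(
    re.escape(BASE_PATH) + r"[A-Za-z0-9_/\-]+" + re.escape(EXTENSION) + r"$"
)


def c2_hosts(entries):
    """Normalise the C2 list (full URLs or bare IPs) to a set of lowercase hosts."""
    hosts = set()
    for entry in entries:
        host = urlsplit(entry).hostname if "://" in entry else entry
        hosts.add(host.lower())
    return hosts


def classify_url(url, hosts):
    """Return the reasons a URL looks like Gozi C2 traffic (empty list if none)."""
    parts = urlsplit(url)
    reasons = []
    if (parts.hostname or "").lower() in hosts:
        reasons.append("known C2 host")
    if BEACON_RE.search(parts.path):
        reasons.append("base_path/extension pattern")
    return reasons


def scan_proxy_log(lines, hosts):
    """Return a list of (src_ip, url, reasons) for log lines that hit an indicator.

    Constructed log format for the example: "<ts> <src_ip> <method> <url> <status>".
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of crashing on them
        src_ip, url = fields[1], fields[3]
        reasons = classify_url(url, hosts)
        if reasons:
            hits.append((src_ip, url, reasons))
    return hits


def identify_sample(data):
    """Map file bytes to the report label whose SHA-256 they match, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


# Constructed proxy log lines (not real traffic). The last line has the .bob
# extension on an unrelated host and path, and must not be flagged.
SAMPLE_LOG = """\
2023-10-12T10:01:02Z 10.0.0.15 GET https://www.example.org/index.html 200
2023-10-12T10:01:09Z 10.0.0.15 POST https://avas1ta.com/in/login/ 200
2023-10-12T10:01:15Z 10.0.0.15 GET http://192.121.22.216/jerry/AbcD_e/f12.bob 200
2023-10-12T10:02:40Z 10.0.0.22 GET http://mimemoa.com/jerry/zz9.bob 404
2023-10-12T10:03:01Z 10.0.0.31 GET http://cdn.example.net/static/app.bob 200
"""

if __name__ == "__main__":
    for src_ip, url, reasons in scan_proxy_log(SAMPLE_LOG.splitlines(), c2_hosts(C2)):
        print(f"{src_ip} -> {url}: {', '.join(reasons)}")
```

Matching on both the host list and the URI shape is deliberate: the C2 hosts in an extracted config rotate between builds, while base_path and extension tend to persist across a campaign, so a hit on the path pattern alone is worth a look even when the host is new.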

MITRE ATT&CK Matrix

Tasks