General

  • Target

    Amministrazione.zip

  • Size

    338B

  • Sample

    231012-rezjeadc9s

  • MD5

    165b9ec41dee0d73753cbfdb1aff40fe

  • SHA1

    fb15237ed63c89b40814601323ce4611f33dff12

  • SHA256

    d41c8abde6e6d580b654de86d4936aa6969c05b2f0ae5a37be72b0adddf3c1e5

  • SHA512

    356e056c611e6355205594e2922c48c4b52320073d4437d15c1299727801e3759b79721a84aa57274fe9662816049474b940dd2141e237f49b8d7d988afd5705

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    fotexion.com

Attributes

  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      Amministrazione.url

    • Size

      195B

    • MD5

      ba89826b4115e395e16cb5a1f88b8509

    • SHA1

      9638d1cb1dde598f6b6e6d165f193c972ba3c229

    • SHA256

      e27258c5b05fba296137f8639082a4879f8795b3d3906788e36b59d74eb18062

    • SHA512

      bd348e28231532bea645759b0d0d0ee6a41f83ad4104b3284728bdbfd296080e9540d2a18160f88cd2db0b33797ba7813607860aa92f4bce93c7434ba92f138f

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012)

    1

  • System Information Discovery (T1082)

    2
