gozi | 4a26a3cbf7f36b9cc6c9ad97ef38b41903d37eb1333b748f0401e671a21947fc | Triage

Sharing

General

Target

Informazioni.zip
Size

331B
Sample

231012-rezjeadc9w
MD5

9fa544a44b74f3ccb885f6eb4a98eb78
SHA1

da35d158ce8c9cc5c8721938f6864e3cecfa59e9
SHA256

4a26a3cbf7f36b9cc6c9ad97ef38b41903d37eb1333b748f0401e671a21947fc
SHA512

488456a984ba2655abd421ba3389a1578ab66e4588399e815aa1ac8507331d177c9cc60ee45606ef2966e0d3b799d500af70ffe2164566b76b877aef5c397437

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

fotexion.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Informazioni.url
- Size
  
  193B
- MD5
  
  1d845b70ddd55eadc3839f5260a3fe98
- SHA1
  
  9e6777fc98e89c4fd6f27cc7bed1c50a965c8c0d
- SHA256
  
  a6e70f830d130741e0707af7e78a9d2cfb5bc05a487a213b10c8554b40d4c8fa
- SHA512
  
  25be0840385e11b34d3544e33bce9e89e01132568cac404107018f7a238db3cd8bd907e172e66cf36a30944eb9163a8663ab9b587c6bd35872c03c4a22b57bd2
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi5050bankerisfbtrojan