gozi | 9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29 | Triage

Sharing

General

Target

portfolio_JC.exe
Size

215KB
Sample

231012-sb53fshb73
MD5

323ae1b1d1832e5d5c13ee6fbfe65a4d
SHA1

ee1f0aedbaacf442923aa03387759f334f04fea8
SHA256

9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29
SHA512

8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a
SSDEEP

6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8

Score

10^/10

gozi 5050 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes

base_path
/jerry/
build
250260
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  portfolio_JC.exe
- Size
  
  215KB
- MD5
  
  323ae1b1d1832e5d5c13ee6fbfe65a4d
- SHA1
  
  ee1f0aedbaacf442923aa03387759f334f04fea8
- SHA256
  
  9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29
- SHA512
  
  8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a
- SSDEEP
  
  6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8
Score

10^/10

gozi 5050 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5050bankerisfbtrojan

behavioral2

gozi5050bankerisfbtrojan