gozi | 135e41bbfe6a0a107cc917733714ae1fb7bf19092fb14aec4788c6136793dda2 | Triage

Sharing

General

Target

4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC.dll
Size

144KB
Sample

231015-swh4esaf35
MD5

4f8ff35c13bc0b82bff19a6fd8b32760
SHA1

5076af8f1a59c8fc56d405a868820676702b5b97
SHA256

135e41bbfe6a0a107cc917733714ae1fb7bf19092fb14aec4788c6136793dda2
SHA512

039cff089a58b087c6a34acbad45b39048e0ae132329068d7a044efe1a226db3e0045094fb740fab255bb96d8457fcff497503042fd1bdc7a639f86af3380a1f
SSDEEP

3072:R62geqsPhgYn3OrQTREpF6/E8ReqCoq/EgY/Wi:R3iQ1EpF0GqCoqj

Score

10^/10

gozi 1000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

178.32.151.23

Attributes

exe_type
worker

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4f8ff35c13bc0b82bff19a6fd8b32760_dll64_JC.dll
- Size
  
  144KB
- MD5
  
  4f8ff35c13bc0b82bff19a6fd8b32760
- SHA1
  
  5076af8f1a59c8fc56d405a868820676702b5b97
- SHA256
  
  135e41bbfe6a0a107cc917733714ae1fb7bf19092fb14aec4788c6136793dda2
- SHA512
  
  039cff089a58b087c6a34acbad45b39048e0ae132329068d7a044efe1a226db3e0045094fb740fab255bb96d8457fcff497503042fd1bdc7a639f86af3380a1f
- SSDEEP
  
  3072:R62geqsPhgYn3OrQTREpF6/E8ReqCoq/EgY/Wi:R3iQ1EpF0GqCoqj
Score

10^/10

gozi banker trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozibankertrojan

behavioral2

gozibankertrojan