General

  • Target: kk_patched.exe
  • Size: 204KB
  • Sample: 231101-sxjrcaac2t
  • MD5: f8e978df4fcb8406d3c3549c9d26278f
  • SHA1: 9f3193c6c2f7b390f664206d919d3f98d35df0ae
  • SHA256: f1916929f5cc4e16a95b36409dc94344ffb441cfeb9fe50070836bf92ffd1d2d
  • SHA512: ea1b4395872b56b8b72ee9937c2dd7bc6a1734d3505200f37d90f72bf8d2adaf209a302398490c0706967c92a1c455703aa0d34d82970fd2a2bf7896cb0d63ed
  • SSDEEP: 3072:uh5kduQdVECqxwPBBlUJjXkZr/ExfqStBiB6ZOYlFJrQOlF4Kdz2zxyLE6Huoalb:uxXkZTEtqStGuOYxQOlJS9yaEZWGPlk

Malware Config

Extracted

  • Family: gozi
  • Botnet: 2004
  • C2:
      trackingg-protectioon.cdn4.mozilla.net
      77.73.131.105
      31.214.157.31
      protectioon.cdn4.mozilla.net
      185.212.47.59
      79.132.128.116

Attributes

  • base_path: /fonts/
  • build: 250257
  • exe_type: loader
  • extension: .bak
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext
