General

  • Target

    1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385.zip

  • Size

    1.2MB

  • Sample

    231106-vpdapsec32

  • MD5

    8b750eaf94997b8b011124c748088513

  • SHA1

    c4db5fdc06f191dda8210c3931747793a472d9ad

  • SHA256

    5d1ec1e5aa5f500b2e934784e8480de339379344831caa1868eb2b2711795b3f

  • SHA512

    ee9fd650719421e43b34c01098d566af61e5224ebef50611874815310ffbbc558e2f59ede7e97790d10747a96ded1d498f86f07f3442eb9e7d85706babe27008

  • SSDEEP

    24576:J2HwPQRh8eXgqB5KvD+M/JGVXNDwp7OrnTOhPzOGwdVhS3vjjalD:0QoRhpV4/+9DVb1y3q

Malware Config

Extracted

Family

gozi

Botnet

20000

C2

Attributes

  • base_path

    /zerotohero/

  • build

    250260

  • exe_type

    loader

  • extension

    .asi

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385

    • Size

      1.6MB

    • MD5

      2cb25a10859731a53cebe3728b4b4ece

    • SHA1

      4d97ea24cecbb44ea02f74c03eba59041f3c3d72

    • SHA256

      1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385

    • SHA512

      0d1f60bfd3e2a1b28ef870d7f7750098fd5f6d6d59ca2a85606539bf4bc452f8a334489f68bf4cb4f14b0a2820a2e8cc99af03055b13013adb59c15c9f16edb8

    • SSDEEP

      24576:cgRZFqJ+qF6MxIIyrf3JQ7RK9q0K7h7rMoOvG4LeAypSfjgsk/ArX:ZRZi37oYNMoYG+1u

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks