Overview

overview

10

Static

static

3

d8b549e78f...a6.dll

windows7-x64

10

d8b549e78f...a6.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8b549e78f60995f845d3440e1fd50a6

  • Size

    701KB

  • Sample

    231220-syd79aahc5

  • MD5

    d8b549e78f60995f845d3440e1fd50a6

  • SHA1

    470e30ffc713396d101949dffeed025e7083919d

  • SHA256

    f73b0df56a13548f550be8e48e49209979e7d6256b477d6bc5cd1456c1fb5da1

  • SHA512

    7b9fe78042fe09cf7c1f13d5eca24d2302b9cd324894f8be0ad2b63278aa76a41ae0917edd4e7e7b0df234756510f8849c5c10d7c2f23c86519cc64b4f110c37

  • SSDEEP

    12288:HUAQSxb6fDEr8Np6b/rPPsjosrS9aEoe+0JCym+4YJAOSVUNcuHIGF4uW/XrGAsB:Hz3xb6fq8Np6bTPPaBreaZlYCOSVol22

Score
10/10
gozi8899bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8899

C2

msn.com/mail

breuranel.website

outlook.com/signup

areuranel.website
Attributes
  • base_path

    /liopolo/

  • build

    260212

  • dga_season

    10

  • exe_type

    loader

  • extension

    .jre

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      d8b549e78f60995f845d3440e1fd50a6

    • Size

      701KB

    • MD5

      d8b549e78f60995f845d3440e1fd50a6

    • SHA1

      470e30ffc713396d101949dffeed025e7083919d

    • SHA256

      f73b0df56a13548f550be8e48e49209979e7d6256b477d6bc5cd1456c1fb5da1

    • SHA512

      7b9fe78042fe09cf7c1f13d5eca24d2302b9cd324894f8be0ad2b63278aa76a41ae0917edd4e7e7b0df234756510f8849c5c10d7c2f23c86519cc64b4f110c37

    • SSDEEP

      12288:HUAQSxb6fDEr8Np6b/rPPsjosrS9aEoe+0JCym+4YJAOSVUNcuHIGF4uW/XrGAsB:Hz3xb6fq8Np6bTPPaBreaZlYCOSVol22

    Score
    10/10
    gozi8899bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks