General

  • Target

    accd0619d4a388334dbb9db70b4b2ea9

  • Size

    368KB

  • Sample

    231222-q3aphsecb7

  • MD5

    accd0619d4a388334dbb9db70b4b2ea9

  • SHA1

    e60d9184b85fa02094552282db4c7cf9f85c59d9

  • SHA256

    23e2fcbf22fd61aee484d6d03e6bb8681ac787e333600ba837b44bfaeda8ca4d

  • SHA512

    2b17239af22ad3d1188757784033c010b1db680c31f53eb7bba4a8a75e35b0543b347fba4e85b1718aa4c8f1739dffd540cfb783ede5367a775343b81b80af43

  • SSDEEP

    6144:PpW5yM4eF6MOl7SfFPFY0Hi1PkZkWM6ge2X4sCC8rJpD9jM:PQ5yB78fFPTHi1Pku6gbIsC3FvM

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

  • outlook.com

  • lureborufer.store

  • dureborufer.store

Attributes

  • base_path

    /lucene/

  • build

    250212

  • dga_season

    10

  • exe_type

    loader

  • extension

    .keq

  • server_id

    12

  • rsa_pubkey.plain

  • serpent.plain

Targets

    • Target

      accd0619d4a388334dbb9db70b4b2ea9

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks