gozi | 5d336e893274c83da23395821010210aeaa44b28fca63c352fc3292502b582ea | Triage

Sharing

General

Target

9f2d1eac635d636c11bf0fd605992a2e
Size

368KB
Sample

231222-qkt1fafhak
MD5

9f2d1eac635d636c11bf0fd605992a2e
SHA1

f37e51b7b6284cec35eb85e08afb7767daf48809
SHA256

5d336e893274c83da23395821010210aeaa44b28fca63c352fc3292502b582ea
SHA512

7cefbbae07b6c57301da08d6b9cc2e8530c46bd6d5045c3e49686e0b3429ac2ebb19350edfcc80de3c2551a63cefe939f7271390be333d4362a2158cf804dbed
SSDEEP

6144:9pW5yM4eF6MOl7SfFPFY0Hi1PkZkWM6g/2X40CC8rJpDNjM:9Q5yB78fFPTHi1Pku6guI0C3FTM

Score

10^/10

gozi 8877 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

lureborufer.store

dureborufer.store

Attributes

base_path
/lucene/
build
250212
dga_season
10
exe_type
loader
extension
.keq
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  9f2d1eac635d636c11bf0fd605992a2e
- Size
  
  368KB
- MD5
  
  9f2d1eac635d636c11bf0fd605992a2e
- SHA1
  
  f37e51b7b6284cec35eb85e08afb7767daf48809
- SHA256
  
  5d336e893274c83da23395821010210aeaa44b28fca63c352fc3292502b582ea
- SHA512
  
  7cefbbae07b6c57301da08d6b9cc2e8530c46bd6d5045c3e49686e0b3429ac2ebb19350edfcc80de3c2551a63cefe939f7271390be333d4362a2158cf804dbed
- SSDEEP
  
  6144:9pW5yM4eF6MOl7SfFPFY0Hi1PkZkWM6g/2X40CC8rJpDNjM:9Q5yB78fFPTHi1Pku6guI0C3FTM
Score

10^/10

gozi 8877 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi8877bankerisfbtrojan

behavioral2

gozi8877bankerisfbtrojan