gozi | 86928e68c8e3b874d89b490e55de47171f0350ead784fe09589a031adade2271 | Triage

Sharing

General

Target

0d527534100ddb9ef3e08ead858fabab
Size

378KB
Sample

231224-x4994abbal
MD5

0d527534100ddb9ef3e08ead858fabab
SHA1

fd105a90d7a754c3965bd4a81e01cafb84ddc44b
SHA256

86928e68c8e3b874d89b490e55de47171f0350ead784fe09589a031adade2271
SHA512

8929ed92cf224237cc3783e3ba23a89ea8ddad5d0d61c48e2f1432fb355c21fece875cd76f9fdbc98e7f1ac0d4b565ff73a1be534880d59381f47116d7778d02
SSDEEP

6144:NAqX6GBMYdZdpfkmGjwSgF8H3V6Uclz5wdL5FczVN877v4FOH/:N5qQdZrkmGs58H3k/h5wdL5OVN877aG

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

app.buboleinov.com

chat.veminiare.com

chat.billionady.com

app3.maintorna.com

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0d527534100ddb9ef3e08ead858fabab
- Size
  
  378KB
- MD5
  
  0d527534100ddb9ef3e08ead858fabab
- SHA1
  
  fd105a90d7a754c3965bd4a81e01cafb84ddc44b
- SHA256
  
  86928e68c8e3b874d89b490e55de47171f0350ead784fe09589a031adade2271
- SHA512
  
  8929ed92cf224237cc3783e3ba23a89ea8ddad5d0d61c48e2f1432fb355c21fece875cd76f9fdbc98e7f1ac0d4b565ff73a1be534880d59381f47116d7778d02
- SSDEEP
  
  6144:NAqX6GBMYdZdpfkmGjwSgF8H3V6Uclz5wdL5FczVN877v4FOH/:N5qQdZrkmGs58H3k/h5wdL5OVN877aG
Score

10^/10

gozi 1500 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi1500bankerisfbtrojan

behavioral2

gozi1500bankerisfbtrojan