gozi | 84b16227e05b966470c3624cc9129296d73b96c11c90ff5d02a6aea8ab196b9e | Triage

Sharing

General

Target

0196aa6b6e09389e94acafba9049fe5f
Size

355KB
Sample

231229-x31n9sacbq
MD5

0196aa6b6e09389e94acafba9049fe5f
SHA1

6248bd71cc01f4dd0728bf8536c29aff31adb4ce
SHA256

84b16227e05b966470c3624cc9129296d73b96c11c90ff5d02a6aea8ab196b9e
SHA512

004683c3bcc190134f6715bef7fc1d788e3b7d02c68f6f51980433078be7c126f382fb2832d2668c23f234f9b6ab0d0e1e2e1d0dca33d9f40803f412f566c81a
SSDEEP

6144:BstpyZ+ANKcOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbA3OOmljdLGeZOGH7Cu

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0196aa6b6e09389e94acafba9049fe5f
- Size
  
  355KB
- MD5
  
  0196aa6b6e09389e94acafba9049fe5f
- SHA1
  
  6248bd71cc01f4dd0728bf8536c29aff31adb4ce
- SHA256
  
  84b16227e05b966470c3624cc9129296d73b96c11c90ff5d02a6aea8ab196b9e
- SHA512
  
  004683c3bcc190134f6715bef7fc1d788e3b7d02c68f6f51980433078be7c126f382fb2832d2668c23f234f9b6ab0d0e1e2e1d0dca33d9f40803f412f566c81a
- SSDEEP
  
  6144:BstpyZ+ANKcOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbA3OOmljdLGeZOGH7Cu
Score

10^/10

gozi 1500 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi1500bankerisfbtrojan

behavioral2

gozi1500bankerisfbtrojan