General

  • Target: 084aaf4ed20aaf6d53a75ffa92a4d9f7
  • Size: 543KB
  • Sample: 231230-alwbwsffck
  • MD5: 084aaf4ed20aaf6d53a75ffa92a4d9f7
  • SHA1: 6a3fc820992f5a2ad96fd60eaa7caec4242669f6
  • SHA256: 1c5545e8fe89c9d6a0171332305d2aa83d7eb343b62d6615308ba93b93b15272
  • SHA512: 058aadaef1a54457d05f7013f182ac01553f7312b372e341a5108592eda879f3486108e613b15f4eb703c18df486b573e0206f2d4a8273d34034040e03a87966
  • SSDEEP: 12288:KaMB5j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:KaWz3E4INX03ycxc4

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 8877
  • C2:
      outlook.com
      zaluoa.live
      daskdjknefjkewfnkjwe.net
  • Attributes:
      • base_path: /jkloop/
      • build: 250207
      • dga_season: 10
      • exe_type: loader
      • extension: .kre
      • server_id: 12
      • rsa_pubkey.plain
      • serpent.plain

Targets

    • Target: 084aaf4ed20aaf6d53a75ffa92a4d9f7
    • Size: 543KB
    • MD5: 084aaf4ed20aaf6d53a75ffa92a4d9f7
    • SHA1: 6a3fc820992f5a2ad96fd60eaa7caec4242669f6
    • SHA256: 1c5545e8fe89c9d6a0171332305d2aa83d7eb343b62d6615308ba93b93b15272
    • SHA512: 058aadaef1a54457d05f7013f182ac01553f7312b372e341a5108592eda879f3486108e613b15f4eb703c18df486b573e0206f2d4a8273d34034040e03a87966
    • SSDEEP: 12288:KaMB5j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:KaWz3E4INX03ycxc4

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request
