gozi | 9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e | Triage

Sharing

General

Target

0d68d238d713f63ff02be916ae633466
Size

543KB
Sample

231230-echrnahdb7
MD5

0d68d238d713f63ff02be916ae633466
SHA1

46958a4143c337f8406b0c785d434c8892e902e8
SHA256

9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
SHA512

502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33
SSDEEP

12288:KaM55j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Ka6z3E4INX03ycxc4

Score

10^/10

gozi 8877 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

zaluoa.live

daskdjknefjkewfnkjwe.net

Attributes

base_path
/jkloop/
build
250207
dga_season
10
exe_type
loader
extension
.kre
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0d68d238d713f63ff02be916ae633466
- Size
  
  543KB
- MD5
  
  0d68d238d713f63ff02be916ae633466
- SHA1
  
  46958a4143c337f8406b0c785d434c8892e902e8
- SHA256
  
  9c4088dfc53bb7b6d9887d200801a926b73c09458910460a2d6f4e2d67f13e6e
- SHA512
  
  502daafc9ba908cf8b682e2496be0785c7ccf035e8876df2b31b97dd43a5f79e50505afa63cd60be1df89003ae774d071777433cfc2b14359e581175b290ef33
- SSDEEP
  
  12288:KaM55j1f/QOwOSnV8Eh3doxeNZNN2lFzx3ycxXs4:Ka6z3E4INX03ycxc4
Score

10^/10

gozi 8877 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi8877bankerisfbtrojan

behavioral2

gozi8877bankerisfbtrojan