General

  • Target

    210adf81fe8f17f79043a4f4fb4a4295

  • Size

    484KB

  • Sample

    231231-adjywsahdj

  • MD5

    210adf81fe8f17f79043a4f4fb4a4295

  • SHA1

    28833bc6a60add47a7312626d196a7ad8bfa9570

  • SHA256

    d6be92449addfade8516a80f79fa2412f5e56dc6fb0c594903a6be6a696cea22

  • SHA512

    396b2f60d94782ef37acfa499daefc1562cfe7fd80f6f3be183a81e9756cd906a38f3ee9f5a5469e890932de33e95c686e5fed6c69130db6214200b5ee492de9

  • SSDEEP

    12288:DPa04+mliwWmpwf14wZtshcgSN3SJpzQvpuvdT5:DQ4wNytwUSJ2vG

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

zaluoa.live

daskdjknefjkewfnkjwe.net

Attributes
  • base_path

    /jkloop/

  • build

    250207

  • dga_season

    10

  • exe_type

    loader

  • extension

    .kre

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
