gozi | 61b5b2ea5f667c7a3bc7ef2ac07283a0c106e7d02e139879481ffa64441e1e55 | Triage

Sharing

General

Target

2b25182df120e15147a1d1f86154ece9
Size

653KB
Sample

231231-gtn14seba5
MD5

2b25182df120e15147a1d1f86154ece9
SHA1

8dfb7bb6a85f51a09db361fb83f5edfdb4c5e515
SHA256

61b5b2ea5f667c7a3bc7ef2ac07283a0c106e7d02e139879481ffa64441e1e55
SHA512

a25709a82d7d152a5d2321904154ecced9753fa6158546ba6eddb3c4e8fb1bac565f991951abe6fc9761ed2d21765ab828c4097e7b8a7a21572718c595272cf1
SSDEEP

12288:WqeAoQME4xL3Lq7ZAfsOU+1kGz9nHxUHmCrv+rc:Wq1oldxTLoZcsOUaTzjumKv+rc

Score

10^/10

gozi 202108021 banker rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

build
300981

Extracted

Family

gozi

Botnet

202108021

C2

https://hotroad.cyou

Attributes

build
300981
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  2b25182df120e15147a1d1f86154ece9
- Size
  
  653KB
- MD5
  
  2b25182df120e15147a1d1f86154ece9
- SHA1
  
  8dfb7bb6a85f51a09db361fb83f5edfdb4c5e515
- SHA256
  
  61b5b2ea5f667c7a3bc7ef2ac07283a0c106e7d02e139879481ffa64441e1e55
- SHA512
  
  a25709a82d7d152a5d2321904154ecced9753fa6158546ba6eddb3c4e8fb1bac565f991951abe6fc9761ed2d21765ab828c4097e7b8a7a21572718c595272cf1
- SSDEEP
  
  12288:WqeAoQME4xL3Lq7ZAfsOU+1kGz9nHxUHmCrv+rc:Wq1oldxTLoZcsOUaTzjumKv+rc
Score

10^/10

gozi 202108021 banker rm3 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi202108021bankerrm3trojan

behavioral2

gozi202108021bankerrm3trojan