gozi | 24ec13da718b7caa092a55c50e1b1b6ab9b2f9994547ac931342790e2cf6a81b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d9a314b189018d52262def8f639ccad.exe
Size

525KB
Sample

240103-r9z4esfcam
MD5

1d9a314b189018d52262def8f639ccad
SHA1

3da6c977b0806d1b55eb36c850014c3d6e24894f
SHA256

24ec13da718b7caa092a55c50e1b1b6ab9b2f9994547ac931342790e2cf6a81b
SHA512

cafa0704b70b257e1b11220c25bc090562dbfabbc5588773dab6c9b69ff3dadf1b024cb17ac5cdca3395f80e1af8567eadf8153de7cee7fffabcc423469b6836
SSDEEP

12288:NOAWyD6Slvumd+vdV1Pa4VjwPXcaxaZnqhSbp/OMcX:NyS6SlWmcV1Pa4VMPKH/9c

Score

10^/10

gozi 7410 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7410

C2

signin.microsoft.com

alliances.bar

allianceline.bar

alliancer.bar

Attributes

base_path
/jdraw/
build
250206
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
extension
.crw
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  1d9a314b189018d52262def8f639ccad.exe
- Size
  
  525KB
- MD5
  
  1d9a314b189018d52262def8f639ccad
- SHA1
  
  3da6c977b0806d1b55eb36c850014c3d6e24894f
- SHA256
  
  24ec13da718b7caa092a55c50e1b1b6ab9b2f9994547ac931342790e2cf6a81b
- SHA512
  
  cafa0704b70b257e1b11220c25bc090562dbfabbc5588773dab6c9b69ff3dadf1b024cb17ac5cdca3395f80e1af8567eadf8153de7cee7fffabcc423469b6836
- SSDEEP
  
  12288:NOAWyD6Slvumd+vdV1Pa4VjwPXcaxaZnqhSbp/OMcX:NyS6SlWmcV1Pa4VMPKH/9c
Score

10^/10

gozi 7410 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi7410bankerisfbtrojan

behavioral2

gozi7410bankerisfbtrojan