gozi | 0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c | Triage

Sharing

General

Target

454908e620c33ca3e631a6334e8b1ff1
Size

544KB
Sample

240106-e4g97saaa9
MD5

454908e620c33ca3e631a6334e8b1ff1
SHA1

50f292391060ff4d772a4fd695f9eba8432a8fd8
SHA256

0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c
SHA512

0e3165221a8f751c2e54e40d5ffa2012b43535f19bf89a0d6b7f7ec287546e1312c6c43759bd2cc97ad4bc0e9fcc622dbc42b5c7a7f17f2794f1101607de6ca7
SSDEEP

12288:rqru80paIRPWxvFzhzFIko/IcYrIAfDE0cb1Yklllll/lllll7K10QUNI0H:rs0IIFWx9zlFIko/DY8kcbHlllll/llH

Score

10^/10

gozi 8877 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

xaaorunokee.site

taaorunokee.site

Attributes

base_path
/hreeen/
build
250212
dga_season
10
exe_type
loader
extension
.lof
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  454908e620c33ca3e631a6334e8b1ff1
- Size
  
  544KB
- MD5
  
  454908e620c33ca3e631a6334e8b1ff1
- SHA1
  
  50f292391060ff4d772a4fd695f9eba8432a8fd8
- SHA256
  
  0a3bc15ceb80f700d80b7d651ff378cf407c239f3e513e3bc9bd854f82f7e22c
- SHA512
  
  0e3165221a8f751c2e54e40d5ffa2012b43535f19bf89a0d6b7f7ec287546e1312c6c43759bd2cc97ad4bc0e9fcc622dbc42b5c7a7f17f2794f1101607de6ca7
- SSDEEP
  
  12288:rqru80paIRPWxvFzhzFIko/IcYrIAfDE0cb1Yklllll/lllll7K10QUNI0H:rs0IIFWx9zlFIko/DY8kcbHlllll/llH
Score

10^/10

gozi 8877 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozi8877bankerisfbtrojan