General

  • Target

    7fb81b98bb77b54c2f69ab7c19d8bc25

  • Size

    605KB

  • Sample

    240129-nhp8csgfc4

  • MD5

    7fb81b98bb77b54c2f69ab7c19d8bc25

  • SHA1

    bfd82e8164088d905576f66f2010e5f1fb1e892f

  • SHA256

    6700cc014e9ef5473a909a0c10d644661ccd0750ca942abd458cec91e32bf551

  • SHA512

    6a42a3b31cdd34436f92f6eeb29e968a81cde00a69adcae8174231faa9bc7e9ec0f5d4a5f419591cb425ddff936f11a6493310f24f8f3ea83f3993e07996efb5

  • SSDEEP

    12288:/edbxfx8d3fbkRXgeSVpZJosJe9ln3KuUliVjjP:/e3fYYRk/Xw9t3KniV

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

yahoo.com

bogoleruno.website

gogoleruno.website

Attributes

  • base_path

    /gksadk/

  • build

    250212

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • extension

    .fre

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      7fb81b98bb77b54c2f69ab7c19d8bc25

    • Size

      605KB

    • MD5

      7fb81b98bb77b54c2f69ab7c19d8bc25

    • SHA1

      bfd82e8164088d905576f66f2010e5f1fb1e892f

    • SHA256

      6700cc014e9ef5473a909a0c10d644661ccd0750ca942abd458cec91e32bf551

    • SHA512

      6a42a3b31cdd34436f92f6eeb29e968a81cde00a69adcae8174231faa9bc7e9ec0f5d4a5f419591cb425ddff936f11a6493310f24f8f3ea83f3993e07996efb5

    • SSDEEP

      12288:/edbxfx8d3fbkRXgeSVpZJosJe9ln3KuUliVjjP:/e3fYYRk/Xw9t3KniV

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Blocklisted process makes network request