gozi | e33c1276938039d18d6feb813ef494458619f6999374e31f05a2b5a74e012ab6 | Triage

Sharing

General

Target

871119561025c22cce7c161a408993fc
Size

461KB
Sample

240201-rbt5hsfaa5
MD5

871119561025c22cce7c161a408993fc
SHA1

d253f17e53f52cbe0978fd88861e560db55dbb12
SHA256

e33c1276938039d18d6feb813ef494458619f6999374e31f05a2b5a74e012ab6
SHA512

fa861cdb73bd57fde9a2a3bf173213a950464e85c9ddbe2bf5e17ba38c8985f631fe41b9bdf6f4279215ef83c3d35f431a3ea50979170d9754a1fe7094f8b88d
SSDEEP

12288:mxIkdQI90tC1o4imB/QD3Jv58kEPGxU3aV+2d:5pI90k3imB/Q1mZ73a42

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  871119561025c22cce7c161a408993fc
- Size
  
  461KB
- MD5
  
  871119561025c22cce7c161a408993fc
- SHA1
  
  d253f17e53f52cbe0978fd88861e560db55dbb12
- SHA256
  
  e33c1276938039d18d6feb813ef494458619f6999374e31f05a2b5a74e012ab6
- SHA512
  
  fa861cdb73bd57fde9a2a3bf173213a950464e85c9ddbe2bf5e17ba38c8985f631fe41b9bdf6f4279215ef83c3d35f431a3ea50979170d9754a1fe7094f8b88d
- SSDEEP
  
  12288:mxIkdQI90tC1o4imB/QD3Jv58kEPGxU3aV+2d:5pI90k3imB/Q1mZ73a42
Score

10^/10

gozi 1500 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1500bankerisfbtrojan

behavioral2

gozi1500bankerisfbtrojan