gozi | 06d12abdce3168f51a9e38d712b767bbf211d71553c74b33b5c79005c771d2c6 | Triage

Submit
Reports

Overview

overview

Static

static

3

a65053c661...fb.exe

windows7-x64

7

a65053c661...fb.exe

windows10-2004-x64

Sharing

General

Target

a65053c661862e925484ecade1c4e2fb
Size

3.3MB
Sample

240226-patfgsde31
MD5

a65053c661862e925484ecade1c4e2fb
SHA1

ea6a29adbb18401406c321111b19a9ba6b924df8
SHA256

06d12abdce3168f51a9e38d712b767bbf211d71553c74b33b5c79005c771d2c6
SHA512

376c231c54175d65770015e3f033cb7702a7685e95df91940bb01c8ad62c4754e38ded3f81f2bee68829f5df308a2198795b37ffaebaf87ff20579a9e92163ef
SSDEEP

98304:0UtJ2Y59CRpIaY8QQTJ6a24d6Yd4S+D845wVmE8G4T2O:0cORph/Bd4r845wVmE94Tr

Score

10^/10

gozi banker isfb trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a65053c661862e925484ecade1c4e2fb.exe

Resource

win7-20240221-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a65053c661862e925484ecade1c4e2fb.exe

Resource

win10v2004-20240221-en

gozi banker isfb trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  a65053c661862e925484ecade1c4e2fb
- Size
  
  3.3MB
- MD5
  
  a65053c661862e925484ecade1c4e2fb
- SHA1
  
  ea6a29adbb18401406c321111b19a9ba6b924df8
- SHA256
  
  06d12abdce3168f51a9e38d712b767bbf211d71553c74b33b5c79005c771d2c6
- SHA512
  
  376c231c54175d65770015e3f033cb7702a7685e95df91940bb01c8ad62c4754e38ded3f81f2bee68829f5df308a2198795b37ffaebaf87ff20579a9e92163ef
- SSDEEP
  
  98304:0UtJ2Y59CRpIaY8QQTJ6a24d6Yd4S+D845wVmE8G4T2O:0cORph/Bd4r845wVmE94Tr
Score

10^/10

gozi banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

gozibankerisfbtrojan

© 2018-2024

Terms | Privacy