gozi | 19ec910d48dc8e4f979043dcafb1d7a67e81246fdbee064368d3fb6bd5e3621f | Triage

Submit
Reports

Overview

overview

Static

static

cb49adf303...7b.exe

windows7-x64

cb49adf303...7b.exe

windows10-2004-x64

Sharing

General

Target

d21ebfa5e971bb5293c9de7a404792a1.bin
Size

4.0MB
Sample

240314-eqpr5aab2w
MD5

5444e3c92e42390899760a0fbbe0bcfd
SHA1

3d0bcf3e027318615496ea9f9acb2edae227c44a
SHA256

19ec910d48dc8e4f979043dcafb1d7a67e81246fdbee064368d3fb6bd5e3621f
SHA512

bf533c2d5a76e9bd363ebebb122f633f5434a7eb3c67bd39133f4147604a1a49ccad8df795e6e1c9c556ef66f6f37f0a6333cb169d764f3e47ac956e61e74f3d
SSDEEP

98304:qF9QpeYvOpqyGLlB5YNEOZH1cJtcrJVfz8e1Z4lekhX4p:m9ie9MB543GgtV7xZ4Z4p

Score

10^/10

gozi risepro zgrat banker isfb rat stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b.exe

Resource

win7-20240221-en

gozi zgrat banker isfb rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b.exe

Resource

win10v2004-20240226-en

gozi risepro zgrat banker isfb rat stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Extracted

Family

risepro

C2

193.233.132.159:50500

Targets

- Target
  
  cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b.exe
- Size
  
  5.9MB
- MD5
  
  d21ebfa5e971bb5293c9de7a404792a1
- SHA1
  
  850cae6b28d100738547f8a86889d71ff5289073
- SHA256
  
  cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b
- SHA512
  
  2fe8f296117e70a05fa24f0be9250fff84af339eed1bfe46d1c218a0210324b9e0f77ddaf6ad518eca8370fc3023238f7fa13f483f30c545c10fc2e02f973a6f
- SSDEEP
  
  49152:VdFCDWU2GG8XKQ3/cdt4osAZo5+cSAsAUSNlLOg/L1Jf2jTiQ/VoJu4E9/+j9Z29:VnCDL2uKecbO4ihsAUoDjj233NmmcPK7
Score

10^/10

gozi zgrat banker isfb rat trojan risepro stealer
- Detect ZGRat V1
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozizgratbankerisfbrattrojan

behavioral2

goziriseprozgratbankerisfbratstealertrojan

© 2018-2025

Terms | Privacy