gozi | 77f790e2e1ab2a7fe626582261ccd4f8b4897228473ecada18a77c9a2624eff0 | Triage

Sharing

General

Target

dd3eacaf674626f63b4d2b2bd9965666
Size

461KB
Sample

240325-e7t36sgb85
MD5

dd3eacaf674626f63b4d2b2bd9965666
SHA1

222fa747c652da9bb2d48f8fe7c245ec9fa25b30
SHA256

77f790e2e1ab2a7fe626582261ccd4f8b4897228473ecada18a77c9a2624eff0
SHA512

7283fefade4a5e05607fdb583a3b97487c6ca99408db8b301b8d5426a6398976b0e5bff42662677f579b38d34a553ccb39d59ad514ae1e7851a97f7451f99b98
SSDEEP

6144:otEtEtEtEtEtEtEtEtEtEt9WO2gUXdCpnZavQqR:Ceeeeeeeeee9xwcaN

Score

10^/10

gozi 89820235 banker cryptone packer rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

build
300898

Extracted

Family

gozi

Botnet

89820235

C2

https://exeupay.xyz

Attributes

build
300898
exe_type
loader
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  dd3eacaf674626f63b4d2b2bd9965666
- Size
  
  461KB
- MD5
  
  dd3eacaf674626f63b4d2b2bd9965666
- SHA1
  
  222fa747c652da9bb2d48f8fe7c245ec9fa25b30
- SHA256
  
  77f790e2e1ab2a7fe626582261ccd4f8b4897228473ecada18a77c9a2624eff0
- SHA512
  
  7283fefade4a5e05607fdb583a3b97487c6ca99408db8b301b8d5426a6398976b0e5bff42662677f579b38d34a553ccb39d59ad514ae1e7851a97f7451f99b98
- SSDEEP
  
  6144:otEtEtEtEtEtEtEtEtEtEt9WO2gUXdCpnZavQqR:Ceeeeeeeeee9xwcaN
Score

10^/10

gozi 89820235 banker rm3 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi89820235bankerrm3trojan

behavioral2

gozi89820235bankerrm3trojan