gozi | dd28953551dfccf038a501dbf06b7d87e6fd5ec99edfb0d78da1603d026e3d84 | Triage

Sharing

General

Target

25a27d247432fe9f84eee3ebfca5f72a_JaffaCakes118
Size

606KB
Sample

240329-sws9dsbd8y
MD5

25a27d247432fe9f84eee3ebfca5f72a
SHA1

e3331a019577644518fcf397c0f8dbb3be3bbb02
SHA256

dd28953551dfccf038a501dbf06b7d87e6fd5ec99edfb0d78da1603d026e3d84
SHA512

281207d7e5534b2c25b86a997a54feb4b8b069a5048e426bb1c62c087877e4ce7f46942789c9402ad6b3cb1a64d4d2bea4cf9aed5cdf3b55bc2d813447cc38ec
SSDEEP

12288:m8dajLSIFcqRfyo4Tq89UtoM+YD3h0QYDpnynKZ0febiP+eMq6FiIa5zrg:ioqpyo4TqmUtoMapy60feeQiIY

Score

10^/10

gozi 5566 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5566

C2

outlook.com

peajame.com

gderrrpololo.net

Attributes

base_path
/glik/
build
250211
dga_season
10
exe_type
loader
extension
.lwe
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  25a27d247432fe9f84eee3ebfca5f72a_JaffaCakes118
- Size
  
  606KB
- MD5
  
  25a27d247432fe9f84eee3ebfca5f72a
- SHA1
  
  e3331a019577644518fcf397c0f8dbb3be3bbb02
- SHA256
  
  dd28953551dfccf038a501dbf06b7d87e6fd5ec99edfb0d78da1603d026e3d84
- SHA512
  
  281207d7e5534b2c25b86a997a54feb4b8b069a5048e426bb1c62c087877e4ce7f46942789c9402ad6b3cb1a64d4d2bea4cf9aed5cdf3b55bc2d813447cc38ec
- SSDEEP
  
  12288:m8dajLSIFcqRfyo4Tq89UtoM+YD3h0QYDpnynKZ0febiP+eMq6FiIa5zrg:ioqpyo4TqmUtoMapy60feeQiIY
Score

10^/10

gozi 5566 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi5566bankerisfbtrojan

behavioral2

gozi5566bankerisfbtrojan