gozi | 19203b83235f7a82df72c041702c8c74934452aba6b5cd340881369a738b40ad | Triage

Sharing

General

Target

679931671e9946dec7f100a76aa0c32d_JaffaCakes118
Size

1.2MB
Sample

240401-ez24tadh27
MD5

679931671e9946dec7f100a76aa0c32d
SHA1

79886619c2d123b3fa8be0ce8a2472f628886307
SHA256

19203b83235f7a82df72c041702c8c74934452aba6b5cd340881369a738b40ad
SHA512

fa318517c1d12d08370c849599eb108f4bf37c938b45e9d0542bd087c4d52c1034355cc018603d20ef6facd830eed79e82a59c5b566ec341f7f77e1fd7ee58b2
SSDEEP

24576:EQWt7MQhrgc/IQA3DEEf3cFDZYbZy8zl2ws5KHGv/ChfHOtpfdwuPiHT8XYAT/a8:xuHrgc/IQA3oEvcFtYbZy8zl2wLHGv/1

Score

10^/10

gozi 8899 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8899

C2

msn.com/login

vloderuniok.website

gloderuniok.website

Attributes

base_path
/jkloio/
build
260212
dga_season
10
exe_type
loader
extension
.lko
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  679931671e9946dec7f100a76aa0c32d_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  679931671e9946dec7f100a76aa0c32d
- SHA1
  
  79886619c2d123b3fa8be0ce8a2472f628886307
- SHA256
  
  19203b83235f7a82df72c041702c8c74934452aba6b5cd340881369a738b40ad
- SHA512
  
  fa318517c1d12d08370c849599eb108f4bf37c938b45e9d0542bd087c4d52c1034355cc018603d20ef6facd830eed79e82a59c5b566ec341f7f77e1fd7ee58b2
- SSDEEP
  
  24576:EQWt7MQhrgc/IQA3DEEf3cFDZYbZy8zl2ws5KHGv/ChfHOtpfdwuPiHT8XYAT/a8:xuHrgc/IQA3oEvcFtYbZy8zl2wLHGv/1
Score

10^/10

gozi 8899 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi8899bankerisfbtrojan

behavioral2

gozi8899bankerisfbtrojan