gozi | e2ee5e490c9675415df0fea69affe1b63febb6ca886e69997e106eca9b106d1d | Triage

Sharing

General

Target

eb19d6504abbde76b67b22ee8564dddb_JaffaCakes118
Size

461KB
Sample

240410-pzwxxabc4t
MD5

eb19d6504abbde76b67b22ee8564dddb
SHA1

b583fe36a47495557a6708eb6bcc02d63d101f02
SHA256

e2ee5e490c9675415df0fea69affe1b63febb6ca886e69997e106eca9b106d1d
SHA512

cdec8cfbd48f92568a445c775768f1af775593d1ada1ba3528a7767f3af50a6665008d5210260db9331bda3b63c15ea9d4c707fb764cb2f75d1de2cc9ff2b6f0
SSDEEP

12288:mxIkdQI90tC1o4isB/QD3Jv58kEPGxU3aV+2d:5pI90k3isB/Q1mZ73a42

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  eb19d6504abbde76b67b22ee8564dddb_JaffaCakes118
- Size
  
  461KB
- MD5
  
  eb19d6504abbde76b67b22ee8564dddb
- SHA1
  
  b583fe36a47495557a6708eb6bcc02d63d101f02
- SHA256
  
  e2ee5e490c9675415df0fea69affe1b63febb6ca886e69997e106eca9b106d1d
- SHA512
  
  cdec8cfbd48f92568a445c775768f1af775593d1ada1ba3528a7767f3af50a6665008d5210260db9331bda3b63c15ea9d4c707fb764cb2f75d1de2cc9ff2b6f0
- SSDEEP
  
  12288:mxIkdQI90tC1o4isB/QD3Jv58kEPGxU3aV+2d:5pI90k3isB/Q1mZ73a42
Score

10^/10

gozi 1500 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1500bankerisfbtrojan

behavioral2

gozi1500bankerisfbtrojan