gozi | d108229624c2c0b37b36268cbac9ceb8e5f9f9b25de4b555254cc1faf662576f | Triage

Submit
Reports

Overview

overview

Static

static

7

f5494f6162...18.exe

windows7-x64

f5494f6162...18.exe

windows10-2004-x64

7

Sharing

General

Target

f5494f61627c8c101b403c2a3bbb5f78_JaffaCakes118
Size

5.3MB
Sample

240417-jdtmrsgh72
MD5

f5494f61627c8c101b403c2a3bbb5f78
SHA1

2d063af93542577090b87a7f58335bff7c1b6bc4
SHA256

d108229624c2c0b37b36268cbac9ceb8e5f9f9b25de4b555254cc1faf662576f
SHA512

e5322d544b2a05c4c9fefd6adf87b82bb4d69a28e23bcc4a4c73cda19d25d9913bc4d921481f78e4248909dd4d7e27dedbba3e4e653df4b950b72a869be5e75d
SSDEEP

98304:VxZtsVLiEf+J2xQ9n4EMWabb//0SFj7XwzbyJYsbkzBhtxuLngE4EMWabb//0SFV:VKVL1Q5MWY/02YzQby3ruk4MWY/02YzI

Score

10^/10

gozi banker isfb trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f5494f61627c8c101b403c2a3bbb5f78_JaffaCakes118.exe

Resource

win7-20240220-en

gozi banker isfb trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

f5494f61627c8c101b403c2a3bbb5f78_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  f5494f61627c8c101b403c2a3bbb5f78_JaffaCakes118
- Size
  
  5.3MB
- MD5
  
  f5494f61627c8c101b403c2a3bbb5f78
- SHA1
  
  2d063af93542577090b87a7f58335bff7c1b6bc4
- SHA256
  
  d108229624c2c0b37b36268cbac9ceb8e5f9f9b25de4b555254cc1faf662576f
- SHA512
  
  e5322d544b2a05c4c9fefd6adf87b82bb4d69a28e23bcc4a4c73cda19d25d9913bc4d921481f78e4248909dd4d7e27dedbba3e4e653df4b950b72a869be5e75d
- SSDEEP
  
  98304:VxZtsVLiEf+J2xQ9n4EMWabb//0SFj7XwzbyJYsbkzBhtxuLngE4EMWabb//0SFV:VKVL1Q5MWY/02YzQby3ruk4MWY/02YzI
Score

10^/10

gozi banker isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbtrojanupx

behavioral2

© 2018-2024

Terms | Privacy