gozi | cb215014f6bf97e1e48c57964e2f66b26f5aa24dc91760c06618a74b1feee118 | Triage

Submit
Reports

Overview

overview

Static

static

7

f99497128b...18.exe

windows7-x64

f99497128b...18.exe

windows10-2004-x64

Sharing

General

Target

f99497128b2306c71806f8290cdcd0b3_JaffaCakes118
Size

14KB
Sample

240419-fvw8faaf9x
MD5

f99497128b2306c71806f8290cdcd0b3
SHA1

e2ac260d6329fc4f20c343aca73023de88a523e0
SHA256

cb215014f6bf97e1e48c57964e2f66b26f5aa24dc91760c06618a74b1feee118
SHA512

67f1dcbfb7091d0ab7b55812241d909b6c1ea4b50698fe6b789b5df99f9cd0aa193e167c36cb6e7013c13b74b69c8d37117d68cea4e88802a2e6c4d0c80a762c
SSDEEP

192:zawE9e6BACdbQstv7U8vAzN7aVD1xWdj7cEhvM5I21PN1PYIm4bT6aImYpTMmP2:zd/wbp8z4Kd/cEhvMfaIhqoCTJAzM

Score

10^/10

gozi banker isfb persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f99497128b2306c71806f8290cdcd0b3_JaffaCakes118.exe

Resource

win7-20240221-en

gozi banker isfb persistence trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f99497128b2306c71806f8290cdcd0b3_JaffaCakes118.exe

Resource

win10v2004-20240226-en

gozi banker isfb persistence trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  f99497128b2306c71806f8290cdcd0b3_JaffaCakes118
- Size
  
  14KB
- MD5
  
  f99497128b2306c71806f8290cdcd0b3
- SHA1
  
  e2ac260d6329fc4f20c343aca73023de88a523e0
- SHA256
  
  cb215014f6bf97e1e48c57964e2f66b26f5aa24dc91760c06618a74b1feee118
- SHA512
  
  67f1dcbfb7091d0ab7b55812241d909b6c1ea4b50698fe6b789b5df99f9cd0aa193e167c36cb6e7013c13b74b69c8d37117d68cea4e88802a2e6c4d0c80a762c
- SSDEEP
  
  192:zawE9e6BACdbQstv7U8vAzN7aVD1xWdj7cEhvM5I21PN1PYIm4bT6aImYpTMmP2:zd/wbp8z4Kd/cEhvMfaIhqoCTJAzM
Score

10^/10

gozi banker isfb persistence trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Modifies AppInit DLL entries
  persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbpersistencetrojanupx

behavioral2

gozibankerisfbpersistencetrojanupx

© 2018-2024

Terms | Privacy