Overview

overview

10

Static

static

10

c0be2d843a...69.exe

windows7-x64

10

c0be2d843a...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ef439f8992b036d62747ef3844352124f1837e3699a85a5fef561fd893f24d4

  • Size

    32KB

  • Sample

    240419-wzpxxscf8x

  • MD5

    e36f3588cadee53d0c6105ce67dc7987

  • SHA1

    09bb9a73a0ecff308b122d8e5723671f02f83dac

  • SHA256

    4ef439f8992b036d62747ef3844352124f1837e3699a85a5fef561fd893f24d4

  • SHA512

    b4e27851bc5f83e21e314506864c2758995f733a6919487409f6c36a7f95e066a44c52832b319757acbce0c0c21d542c47194f6f2b8fbc85798566c7d6d375ea

  • SSDEEP

    768:V6cRtBOUIBZqUKAfNcgH8l06ml53iZhCdVTMUqGNqtz+Gar:rRt6HKXgHQ0V3KXpP+j

Score
10/10
gozi994411bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

994411

C2

renewbleenergey.ru

iujdhsndjfks.ru

94.198.54.97

gameindikdowd.ru

jhgfdlkjhaoiu.su

reggy506.ru

reggy914.ru
Attributes
  • base_path

    /uploaded/

  • build

    250249

  • exe_type

    loader

  • extension

    .pct

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      c0be2d843a58e5c8efbdeee3d287fa6432e0bf401fd7c38870b8153301a24b69

    • Size

      37KB

    • MD5

      fab96414cc834214965bfc06a1f152b0

    • SHA1

      1734b62ddb614cde6f6191799e8c4494593b533c

    • SHA256

      c0be2d843a58e5c8efbdeee3d287fa6432e0bf401fd7c38870b8153301a24b69

    • SHA512

      959f5dcfccd8d934d5b09e92ee84e54a1fefb04c6bfa59ce60988779061d3fbf72752db9b5118f19ca334fc48b0fad0f2e0418c2dc278cbb4879b15c57eb7fb8

    • SSDEEP

      768:TKbMPv5JLJyeyV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI569:T4MHLLJJyt5+0zavZangX097m5

    Score
    10/10
    gozi994411bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks