gozi | 655da3e3009d3bbe19fce8d2913f11e8afd61d7b567a01f7421b4253230758a6 | Triage

Submit
Reports

Overview

overview

Static

static

7

fd6a2837f4...18.exe

windows7-x64

fd6a2837f4...18.exe

windows10-2004-x64

7

Sharing

General

Target

fd6a2837f471b90aebdff7d493ce519a_JaffaCakes118
Size

2.9MB
Sample

240420-xl8zbafh3z
MD5

fd6a2837f471b90aebdff7d493ce519a
SHA1

c57e035e23296200f0ae76fc6c8b84c3db37587e
SHA256

655da3e3009d3bbe19fce8d2913f11e8afd61d7b567a01f7421b4253230758a6
SHA512

78af260a558caf77a232546d0e8c8af73d948c586ed1e09454ae244c087a86cd48a7bba9087224206ad45601a8fccdb05850ac38d1b04b185acedbcdf33b3421
SSDEEP

49152:IS3+/EyBLQB11vkJ///Im+hqDb3Qv6+9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:9qLa1sfPW6+Hau42c1joCjMPkNwk6

Score

10^/10

gozi banker isfb trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fd6a2837f471b90aebdff7d493ce519a_JaffaCakes118.exe

Resource

win7-20240221-en

gozi banker isfb trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd6a2837f471b90aebdff7d493ce519a_JaffaCakes118.exe

Resource

win10v2004-20240412-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  fd6a2837f471b90aebdff7d493ce519a_JaffaCakes118
- Size
  
  2.9MB
- MD5
  
  fd6a2837f471b90aebdff7d493ce519a
- SHA1
  
  c57e035e23296200f0ae76fc6c8b84c3db37587e
- SHA256
  
  655da3e3009d3bbe19fce8d2913f11e8afd61d7b567a01f7421b4253230758a6
- SHA512
  
  78af260a558caf77a232546d0e8c8af73d948c586ed1e09454ae244c087a86cd48a7bba9087224206ad45601a8fccdb05850ac38d1b04b185acedbcdf33b3421
- SSDEEP
  
  49152:IS3+/EyBLQB11vkJ///Im+hqDb3Qv6+9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:9qLa1sfPW6+Hau42c1joCjMPkNwk6
Score

10^/10

gozi banker isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbtrojanupx

behavioral2

© 2018-2024

Terms | Privacy