gozi | 6815da7ef89424a01d33bd7f004ef4ecfdcf43c3e621096cb237a995a5303780 | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-05-01...uk.exe

windows7-x64

1

2024-05-01...uk.exe

windows10-2004-x64

Analysis

max time kernel
66s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 00:43

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-05-01_389acac45668aa513ce9b964a89ccbd1_ryuk.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-01_389acac45668aa513ce9b964a89ccbd1_ryuk.exe

Resource

win10v2004-20240419-en

gozi banker isfb trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

2024-05-01_389acac45668aa513ce9b964a89ccbd1_ryuk.exe
Size

2.3MB
MD5

389acac45668aa513ce9b964a89ccbd1
SHA1

45456a7d4e85991eaa38becacad6aa45af7093f9
SHA256

6815da7ef89424a01d33bd7f004ef4ecfdcf43c3e621096cb237a995a5303780
SHA512

17763305c241147a5518ed183624e1a280d8d000ddabf5946a86905c3485ef4fbd3b3dd4f44ef0eef1b1ee2eefe5cfc530a8d6d39e73809b3c2f6ee82c6d0a1d
SSDEEP

49152:zosQHMmpQAaR824OnqDPqFmhlyjsrrJLp2lUEFP4+Po6kk:n4O2P5JLQlVt4ib

Score

10^/10

gozi banker isfb trojan

Malware Config

Extracted

Family

gozi

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Processes

C:\Users\Admin\AppData\Local\Temp\2024-05-01_389acac45668aa513ce9b964a89ccbd1_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-01_389acac45668aa513ce9b964a89ccbd1_ryuk.exe"
1⤵
PID:4124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4124-0-0x00007FF64DC00000-0x00007FF64DE59000-memory.dmp

Filesize
2.3MB

Download
memory/4124-1-0x00007FF64DC00000-0x00007FF64DE59000-memory.dmp

Filesize
2.3MB

Download

© 2018-2024

Terms | Privacy