gozi | a92d23b9be2e9272b4116a57bb363099bab062cbd0137bbd285c67b2b4835a2c | Triage

Sharing

General

Target

15d1a3417eab211b536dfb63841c15f2_JaffaCakes118
Size

648KB
Sample

240505-d84tbsha28
MD5

15d1a3417eab211b536dfb63841c15f2
SHA1

d18cfdf465da27a66db7c621f1e73c71e7379c92
SHA256

a92d23b9be2e9272b4116a57bb363099bab062cbd0137bbd285c67b2b4835a2c
SHA512

114e482301e43adb9b78040ece6549cb4ec130bb806026aba607760a421ae0eabf4f4515b7ab01ebacd64e8a14edbaba463f8685fc69406f6a0e20142f49ed53
SSDEEP

6144:Q5mTEHUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEH3kEDnQdM9rEju0TH4l

Score

10^/10

gozi 3189 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  15d1a3417eab211b536dfb63841c15f2_JaffaCakes118
- Size
  
  648KB
- MD5
  
  15d1a3417eab211b536dfb63841c15f2
- SHA1
  
  d18cfdf465da27a66db7c621f1e73c71e7379c92
- SHA256
  
  a92d23b9be2e9272b4116a57bb363099bab062cbd0137bbd285c67b2b4835a2c
- SHA512
  
  114e482301e43adb9b78040ece6549cb4ec130bb806026aba607760a421ae0eabf4f4515b7ab01ebacd64e8a14edbaba463f8685fc69406f6a0e20142f49ed53
- SSDEEP
  
  6144:Q5mTEHUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wEH3kEDnQdM9rEju0TH4l
Score

10^/10

gozi 3189 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3189bankerisfbtrojan

behavioral2

gozi3189bankerisfbtrojan