gozi | 915dc55b4031def7064312e56c9a9effa21ad124366df54fdc1215ef1709bfd0 | Triage

Sharing

General

Target

319f9e10658376d8925ca870d35e1137_JaffaCakes118
Size

648KB
Sample

240510-3mh26sbb76
MD5

319f9e10658376d8925ca870d35e1137
SHA1

23a8fd02baf0cae25c98a89fb76196d532ed1767
SHA256

915dc55b4031def7064312e56c9a9effa21ad124366df54fdc1215ef1709bfd0
SHA512

3689a92b44fbdf5077f5dacde8967754488241571c74dcb9cb15ca6dadc0541bb32362b7e7525ec9fee6dc0b7dc9568930fb28141a4ccf9b6b5c34ccd49de8e9
SSDEEP

6144:Q5mTEDUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wED3kEDnQdM9rEju0TH4l

Score

10^/10

gozi 3189 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3189

C2

hfmjerrodo.com

w19jackyivah.com

l15uniquekylie.city

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  319f9e10658376d8925ca870d35e1137_JaffaCakes118
- Size
  
  648KB
- MD5
  
  319f9e10658376d8925ca870d35e1137
- SHA1
  
  23a8fd02baf0cae25c98a89fb76196d532ed1767
- SHA256
  
  915dc55b4031def7064312e56c9a9effa21ad124366df54fdc1215ef1709bfd0
- SHA512
  
  3689a92b44fbdf5077f5dacde8967754488241571c74dcb9cb15ca6dadc0541bb32362b7e7525ec9fee6dc0b7dc9568930fb28141a4ccf9b6b5c34ccd49de8e9
- SSDEEP
  
  6144:Q5mTEDUok+1NjIjODnupJnMZLrSPm4JZM1o7SVMVVadETPjSjCv4RgSNY5v6:Q5wED3kEDnQdM9rEju0TH4l
Score

10^/10

gozi 3189 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3189bankerisfbtrojan

behavioral2

gozi3189bankerisfbtrojan