gozi | e4de14ee872b74e8d8a9c505eed50055842ac748d7d97fa7bf6c0898e7136d50 | Triage

Sharing

General

Target

2edc559732a0e9e45fe8ca0121e2787e_JaffaCakes118
Size

269KB
Sample

240510-ngncdaeg82
MD5

2edc559732a0e9e45fe8ca0121e2787e
SHA1

f38cb4897c111065ff830df36921ebadb3f0ad31
SHA256

e4de14ee872b74e8d8a9c505eed50055842ac748d7d97fa7bf6c0898e7136d50
SHA512

4fee361658d28068c7f5b90b476732f294b5bf6305f6450d76f91734df9a77702a0ba52a8cff0ee7ec8b3e1b4bde96fba40c6d4fcd60a92ed7d82cd70c4b1224
SSDEEP

6144:/VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:/VfjDmtW/adCC4/UIsBhN/5

Score

10^/10

gozi 3151 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2edc559732a0e9e45fe8ca0121e2787e_JaffaCakes118
- Size
  
  269KB
- MD5
  
  2edc559732a0e9e45fe8ca0121e2787e
- SHA1
  
  f38cb4897c111065ff830df36921ebadb3f0ad31
- SHA256
  
  e4de14ee872b74e8d8a9c505eed50055842ac748d7d97fa7bf6c0898e7136d50
- SHA512
  
  4fee361658d28068c7f5b90b476732f294b5bf6305f6450d76f91734df9a77702a0ba52a8cff0ee7ec8b3e1b4bde96fba40c6d4fcd60a92ed7d82cd70c4b1224
- SSDEEP
  
  6144:/VfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:/VfjDmtW/adCC4/UIsBhN/5
Score

10^/10

gozi 3151 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3151bankerisfbtrojan

behavioral2

gozi3151bankerisfbtrojan