gozi | 12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9 | Triage

Submit
Reports

Overview

overview

Static

static

12d6610767...c9.exe

windows7-x64

12d6610767...c9.exe

windows10-2004-x64

Sharing

General

Target

12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9
Size

163KB
Sample

240510-xk8bdsfc27
MD5

052ba2f03f6467543333b644839c95ff
SHA1

f4994128177be9ee481ec8da194953c9d5793834
SHA256

12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9
SHA512

57834bca12207d9c1205d424921979a665d3dcc015018550d96c3f112fb8d5e8139e59ad8005926700eada6e982a2116c6e32d4ada83779bd07eaa1776a40928
SSDEEP

3072:JcWhPcX3hPvB1uztzeMeCBltOrWKDBr+yJb:iWouztzECBLOf

Score

10^/10

gozi banker isfb persistence trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9.exe

Resource

win7-20240215-en

gozi banker isfb persistence trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9
- Size
  
  163KB
- MD5
  
  052ba2f03f6467543333b644839c95ff
- SHA1
  
  f4994128177be9ee481ec8da194953c9d5793834
- SHA256
  
  12d66107671eb4b2ce864fad98fda18e37240ecb759c8b3aead1c836a926f2c9
- SHA512
  
  57834bca12207d9c1205d424921979a665d3dcc015018550d96c3f112fb8d5e8139e59ad8005926700eada6e982a2116c6e32d4ada83779bd07eaa1776a40928
- SSDEEP
  
  3072:JcWhPcX3hPvB1uztzeMeCBltOrWKDBr+yJb:iWouztzECBLOf
Score

10^/10

gozi banker isfb persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Detects executables built or packed with MPress PE compressor
- UPX dump on OEP (original entry point)
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerisfbpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy