gozi | 65b790b69a022c8a968515fd8a535ff7785c885e56868f306171a63bd611bbb3 | Triage

Submit
Reports

Overview

overview

Static

static

2024-05-11...er.exe

windows7-x64

2024-05-11...er.exe

windows10-2004-x64

Sharing

General

Target

2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber
Size

15.9MB
Sample

240511-fsqmwafa4w
MD5

5332c0a59e1fbee2a7897c2a9dea9b3d
SHA1

48e81304a02be2eada884d9bc8bc44b2aafebf16
SHA256

65b790b69a022c8a968515fd8a535ff7785c885e56868f306171a63bd611bbb3
SHA512

70a52983f234e23c36fc6bb9e091bbbbc566cccca6caab311c89b9e6f3f6c80de270a14f7c90fa4887b57c185b076e59b25ef3416b3af7918816af1cf1d23f17
SSDEEP

393216:jgMdJwI3saK5c54u2srOQYiclgeOco9t/:jJL3Bu/QYisOH/

Score

10^/10

gozi banker isfb trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber.exe

Resource

win7-20240221-en

gozi banker isfb trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber.exe

Resource

win10v2004-20240508-en

gozi banker isfb trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  2024-05-11_5332c0a59e1fbee2a7897c2a9dea9b3d_magniber
- Size
  
  15.9MB
- MD5
  
  5332c0a59e1fbee2a7897c2a9dea9b3d
- SHA1
  
  48e81304a02be2eada884d9bc8bc44b2aafebf16
- SHA256
  
  65b790b69a022c8a968515fd8a535ff7785c885e56868f306171a63bd611bbb3
- SHA512
  
  70a52983f234e23c36fc6bb9e091bbbbc566cccca6caab311c89b9e6f3f6c80de270a14f7c90fa4887b57c185b076e59b25ef3416b3af7918816af1cf1d23f17
- SSDEEP
  
  393216:jgMdJwI3saK5c54u2srOQYiclgeOco9t/:jJL3Bu/QYisOH/
Score

10^/10

gozi banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozibankerisfbtrojan

behavioral2

gozibankerisfbtrojan

© 2018-2024

Terms | Privacy