gozi | e09755fd3d305a65619846f8b1a1f65008c51f39e2842b2a89e5f5d37013d17b | Triage

Sharing

General

Target

37e28ba51e48b800508a7a175376e22e_JaffaCakes118
Size

250KB
Sample

240512-dera5sgb83
MD5

37e28ba51e48b800508a7a175376e22e
SHA1

355161b3135e9c2c962b3e333e7f48c3802b305e
SHA256

e09755fd3d305a65619846f8b1a1f65008c51f39e2842b2a89e5f5d37013d17b
SHA512

707a7c76481aee315776bf25ffdc4127441a4f28452575e075a09d109c281bd6163d2cb879f4013d53ea7767d10d92963bc761a66da4db32628682c8de54a090
SSDEEP

3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2

Score

10^/10

gozi 92020311 banker rm3 trojan

Malware Config

Extracted

Family

gozi

Attributes

build
300913

Extracted

Family

gozi

Botnet

92020311

C2

https://appealingedge.xyz

Attributes

build
300913
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  37e28ba51e48b800508a7a175376e22e_JaffaCakes118
- Size
  
  250KB
- MD5
  
  37e28ba51e48b800508a7a175376e22e
- SHA1
  
  355161b3135e9c2c962b3e333e7f48c3802b305e
- SHA256
  
  e09755fd3d305a65619846f8b1a1f65008c51f39e2842b2a89e5f5d37013d17b
- SHA512
  
  707a7c76481aee315776bf25ffdc4127441a4f28452575e075a09d109c281bd6163d2cb879f4013d53ea7767d10d92963bc761a66da4db32628682c8de54a090
- SSDEEP
  
  3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2
Score

10^/10

gozi 92020311 banker rm3 trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi92020311bankerrm3trojan

behavioral2

gozi92020311bankerrm3trojan