gozi | 7322f70e06112dcdbd7f3fe6422ac477e5e5eb6dc027ad3f717c8dadc8706039 | Triage

Sharing

General

Target

3f689e796d6d0d65b7a742880d21ac97_JaffaCakes118
Size

3.4MB
Sample

240513-n89dxsef39
MD5

3f689e796d6d0d65b7a742880d21ac97
SHA1

a296cd060f5331001251cd59c2b2730b3db43d97
SHA256

7322f70e06112dcdbd7f3fe6422ac477e5e5eb6dc027ad3f717c8dadc8706039
SHA512

aa506e45a69f4318be72a713db021b19a634f1287394a34fbe326a3dfd5511f085218913ecdfaa14a4e5bc2c3ff0affdca2749ba8247b3f04234e148a5a6ea36
SSDEEP

49152:U89nwonUXJK2qmngTTHQVOwkBc9ODyxN50bj2qYYTWttR:B9SWDPwO8PR

Score

10^/10

gozi 3478 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214096

Extracted

Family

gozi

Botnet

3478

C2

google.com

gmail.com

waouqk51iu.com

jsztkeagan.club

jkeshaunjakob.club

Attributes

build
214096
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  3f689e796d6d0d65b7a742880d21ac97_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  3f689e796d6d0d65b7a742880d21ac97
- SHA1
  
  a296cd060f5331001251cd59c2b2730b3db43d97
- SHA256
  
  7322f70e06112dcdbd7f3fe6422ac477e5e5eb6dc027ad3f717c8dadc8706039
- SHA512
  
  aa506e45a69f4318be72a713db021b19a634f1287394a34fbe326a3dfd5511f085218913ecdfaa14a4e5bc2c3ff0affdca2749ba8247b3f04234e148a5a6ea36
- SSDEEP
  
  49152:U89nwonUXJK2qmngTTHQVOwkBc9ODyxN50bj2qYYTWttR:B9SWDPwO8PR
Score

10^/10

gozi 3478 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3478bankerisfbtrojan

behavioral2

gozi3478bankerisfbtrojan