gozi | 233a7260b921404cc9bb2407566dde8f19d46fb0303d718e2f509769fe201751 | Triage

Sharing

General

Target

4584037cdc0fdc5239d3e555950e5308_JaffaCakes118
Size

264KB
Sample

240515-ldh75sah8s
MD5

4584037cdc0fdc5239d3e555950e5308
SHA1

b16067013c03a839b7c8b3c8121325cc57d27c06
SHA256

233a7260b921404cc9bb2407566dde8f19d46fb0303d718e2f509769fe201751
SHA512

9ec1918d766b0d1c72ac6db10393ddbe692163dc7f29d50918fa4ffe1953781ff1547cb8335a8eba0b9ab74fe71a59c251b46a07931429b388bca77426e7eab4
SSDEEP

6144:Ah2DhMx+2lU5e+54MEwuOJGz8qqghbyp:zDhm2954qJunh0p

Score

10^/10

gozi 3297 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
217173

Extracted

Family

gozi

Botnet

3297

C2

wadameee.club

xjustusia37.xyz

npou82vb.info

Attributes

build
217173
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4584037cdc0fdc5239d3e555950e5308_JaffaCakes118
- Size
  
  264KB
- MD5
  
  4584037cdc0fdc5239d3e555950e5308
- SHA1
  
  b16067013c03a839b7c8b3c8121325cc57d27c06
- SHA256
  
  233a7260b921404cc9bb2407566dde8f19d46fb0303d718e2f509769fe201751
- SHA512
  
  9ec1918d766b0d1c72ac6db10393ddbe692163dc7f29d50918fa4ffe1953781ff1547cb8335a8eba0b9ab74fe71a59c251b46a07931429b388bca77426e7eab4
- SSDEEP
  
  6144:Ah2DhMx+2lU5e+54MEwuOJGz8qqghbyp:zDhm2954qJunh0p
Score

10^/10

gozi 3297 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3297bankerisfbtrojan

behavioral2

gozi3297bankerisfbtrojan