gozi | 86c04f8984f540bce436da84987705137a3efb548fc46ec4b28db62be7548934 | Triage

Sharing

General

Target

4793f12ab09ca31973a406b5b7f922d9_JaffaCakes118
Size

239KB
Sample

240515-xm9bgafc47
MD5

4793f12ab09ca31973a406b5b7f922d9
SHA1

5c67cc128cf3ebc18b4cf3e68572915bcee75f73
SHA256

86c04f8984f540bce436da84987705137a3efb548fc46ec4b28db62be7548934
SHA512

947d31acd7d818922c395fee969cb1516c8ef43582446d8349c71ad450ccd6fb115d42be6f0a42d5783bd2d539b63b2874d86bfff94088f6cf6352181214ca05
SSDEEP

3072:E9jW9lCztEjPEUEz5od5csjgDOQNp4Mk/58Xs3gxA33K3HaisqYa7m7/1lx57eDi:E9LR4PEz5owqBExu6DWK0a7C7eDi

Score

10^/10

gozi 200 banker isfb trojan

Malware Config

Extracted

Family

gozi

rsa_pubkey.plain

Extracted

Family

gozi

Botnet

200

C2

samesupretendedpretended.ru

Attributes

exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4793f12ab09ca31973a406b5b7f922d9_JaffaCakes118
- Size
  
  239KB
- MD5
  
  4793f12ab09ca31973a406b5b7f922d9
- SHA1
  
  5c67cc128cf3ebc18b4cf3e68572915bcee75f73
- SHA256
  
  86c04f8984f540bce436da84987705137a3efb548fc46ec4b28db62be7548934
- SHA512
  
  947d31acd7d818922c395fee969cb1516c8ef43582446d8349c71ad450ccd6fb115d42be6f0a42d5783bd2d539b63b2874d86bfff94088f6cf6352181214ca05
- SSDEEP
  
  3072:E9jW9lCztEjPEUEz5od5csjgDOQNp4Mk/58Xs3gxA33K3HaisqYa7m7/1lx57eDi:E9LR4PEz5owqBExu6DWK0a7C7eDi
Score

10^/10

gozi 200 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi200bankerisfbtrojan

behavioral2

gozi200bankerisfbtrojan