gozi | d210d7f79135d554ec4ea11a3e193e8bb05e6941598c99c59705bcb3068898d1 | Triage

Sharing

General

Target

48f7efd2f343bdd050cb23d3f9180a8e_JaffaCakes118
Size

455KB
Sample

240516-b1wfwaed8x
MD5

48f7efd2f343bdd050cb23d3f9180a8e
SHA1

d3dae9aade87fcd3324fcff97d951ea5ae512b5b
SHA256

d210d7f79135d554ec4ea11a3e193e8bb05e6941598c99c59705bcb3068898d1
SHA512

77ec6adb21a9148065d2dfda65aaac2acd814ecffcaade9cf2038180f88b3915f1163e327d40ad69ceab74f847b15864349c8aab7c8881d57df8d022384476f6
SSDEEP

6144:pk69oa2DnZot8e/toa/YhFdNtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NQH9dXRgw

Score

10^/10

gozi 3183 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  48f7efd2f343bdd050cb23d3f9180a8e_JaffaCakes118
- Size
  
  455KB
- MD5
  
  48f7efd2f343bdd050cb23d3f9180a8e
- SHA1
  
  d3dae9aade87fcd3324fcff97d951ea5ae512b5b
- SHA256
  
  d210d7f79135d554ec4ea11a3e193e8bb05e6941598c99c59705bcb3068898d1
- SHA512
  
  77ec6adb21a9148065d2dfda65aaac2acd814ecffcaade9cf2038180f88b3915f1163e327d40ad69ceab74f847b15864349c8aab7c8881d57df8d022384476f6
- SSDEEP
  
  6144:pk69oa2DnZot8e/toa/YhFdNtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NQH9dXRgw
Score

10^/10

gozi 3183 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3183bankerisfbtrojan

behavioral2

gozi3183bankerisfbtrojan