gozi | 0be6b83bd43ea4dd75e061b4cde95c564a0bb6296400b1b32326323c6d1849cb | Triage

Sharing

General

Target

4b6231e3a1ac05228c4985cb41d6e307_JaffaCakes118
Size

485KB
Sample

240516-q24wzaga28
MD5

4b6231e3a1ac05228c4985cb41d6e307
SHA1

288c3017211c15a6f3165d36df104441bc283183
SHA256

0be6b83bd43ea4dd75e061b4cde95c564a0bb6296400b1b32326323c6d1849cb
SHA512

ef215a2688270d6237ff3b4daf77cb67830cad55501bf2aa5db31754bbddf74518442c5ea441dc7820bd38a634a231574b8c7a5c46f962697e4ccc4a2a0d48ff
SSDEEP

12288:mD9UDevpMtdoe83GWLh6iVMGP1tYLwqYZy4e:hiq/H8hh6O91tqHYZS

Score

10^/10

gozi 3140 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3140

C2

isatawatag.com

bosototsuy.com

atamekihok.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4b6231e3a1ac05228c4985cb41d6e307_JaffaCakes118
- Size
  
  485KB
- MD5
  
  4b6231e3a1ac05228c4985cb41d6e307
- SHA1
  
  288c3017211c15a6f3165d36df104441bc283183
- SHA256
  
  0be6b83bd43ea4dd75e061b4cde95c564a0bb6296400b1b32326323c6d1849cb
- SHA512
  
  ef215a2688270d6237ff3b4daf77cb67830cad55501bf2aa5db31754bbddf74518442c5ea441dc7820bd38a634a231574b8c7a5c46f962697e4ccc4a2a0d48ff
- SSDEEP
  
  12288:mD9UDevpMtdoe83GWLh6iVMGP1tYLwqYZy4e:hiq/H8hh6O91tqHYZS
Score

10^/10

gozi 3140 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3140bankerisfbtrojan

behavioral2

gozi3140bankerisfbtrojan