gozi | 4585f6882a3bd70bf7b2468ce35808190af34335eb0b37f477363bb2f4d52f12 | Triage

Sharing

General

Target

4bc7d5b21ef3c73b7fd1bbc92d593173_JaffaCakes118
Size

293KB
Sample

240516-syavtsbb6x
MD5

4bc7d5b21ef3c73b7fd1bbc92d593173
SHA1

ed769cbb2d825b253601d28f51da7c6ee4a4c29b
SHA256

4585f6882a3bd70bf7b2468ce35808190af34335eb0b37f477363bb2f4d52f12
SHA512

a9a2ba2e93873ce48884712589a42f47817f4d4a054e4c2b892a9b2f98e1413524880c48ea3f617258c37b5d63aec959cfbf96527af5769ef53fe4ee60d9ec09
SSDEEP

6144:TJ8mth3sLt+Aqj3FVzpe5ZFzbLXLe86HGrHnQ2Jx:uWJs+Y5ZFzPy86HOHH

Score

10^/10

gozi 3435 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214085

Extracted

Family

gozi

Botnet

3435

C2

google.com

gmail.com

tcolleen4463dn.com

v57zfvp.com

hateatate.xyz

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  4bc7d5b21ef3c73b7fd1bbc92d593173_JaffaCakes118
- Size
  
  293KB
- MD5
  
  4bc7d5b21ef3c73b7fd1bbc92d593173
- SHA1
  
  ed769cbb2d825b253601d28f51da7c6ee4a4c29b
- SHA256
  
  4585f6882a3bd70bf7b2468ce35808190af34335eb0b37f477363bb2f4d52f12
- SHA512
  
  a9a2ba2e93873ce48884712589a42f47817f4d4a054e4c2b892a9b2f98e1413524880c48ea3f617258c37b5d63aec959cfbf96527af5769ef53fe4ee60d9ec09
- SSDEEP
  
  6144:TJ8mth3sLt+Aqj3FVzpe5ZFzbLXLe86HGrHnQ2Jx:uWJs+Y5ZFzPy86HOHH
Score

10^/10

gozi 3435 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3435bankerisfbtrojan

behavioral2

gozi3435bankerisfbtrojan