gozi | 4240b7edc1481025850135770a0309c00c3b282312c7377687b755ba1983881b | Triage

Sharing

General

Target

50c687ae724cdeca291a8b22afda15ea_JaffaCakes118
Size

139KB
Sample

240517-wnkttsbg83
MD5

50c687ae724cdeca291a8b22afda15ea
SHA1

796586343d53717f48425d85d6824b30576cd139
SHA256

4240b7edc1481025850135770a0309c00c3b282312c7377687b755ba1983881b
SHA512

81dafcce466d729b5356515b84bbf7fdf69470258797565cd88bf6e5ecbe5d6098606d55106b8a9dd251645945bd0f90593e382b57e5251b9f7893c54e5900c2
SSDEEP

3072:K17ujx+j3Y2QoGRSd7I9VvB0i+Enq5L0pq/43M:Ktu1+j3YJ1RIwTqL0c/j

Score

10^/10

gozi 3134 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3134

C2

zweideckei.com

ziebelschr.com

endetztera.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  50c687ae724cdeca291a8b22afda15ea_JaffaCakes118
- Size
  
  139KB
- MD5
  
  50c687ae724cdeca291a8b22afda15ea
- SHA1
  
  796586343d53717f48425d85d6824b30576cd139
- SHA256
  
  4240b7edc1481025850135770a0309c00c3b282312c7377687b755ba1983881b
- SHA512
  
  81dafcce466d729b5356515b84bbf7fdf69470258797565cd88bf6e5ecbe5d6098606d55106b8a9dd251645945bd0f90593e382b57e5251b9f7893c54e5900c2
- SSDEEP
  
  3072:K17ujx+j3Y2QoGRSd7I9VvB0i+Enq5L0pq/43M:Ktu1+j3YJ1RIwTqL0c/j
Score

10^/10

gozi 3134 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3134bankerisfbtrojan

behavioral2

gozi3134bankerisfbtrojan