gozi | 516dca664efe609f1122e4b18254a593e0303f5e48f29c23ceb182eed6e80752 | Triage

Sharing

General

Target

51226acc4ee302705b33e557214a0bc9_JaffaCakes118
Size

269KB
Sample

240517-x98cpafb3z
MD5

51226acc4ee302705b33e557214a0bc9
SHA1

fadbc963b2a75f2e3ae7b00ff6c3d805e1b38788
SHA256

516dca664efe609f1122e4b18254a593e0303f5e48f29c23ceb182eed6e80752
SHA512

7b39e71ade5ad1d47e4b0b00949288d614b51ec57f6d4dd3d6f9d2d2de45667d4d585d7212dde4281030e2069a4c36ba86ff1c43564c2aee5447aebe2c011a87
SSDEEP

6144:rVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:rVfjDmtW/adCC4/UIsBhN/5

Score

10^/10

gozi 3151 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3151

C2

zardinglog.com

sycingshbo.com

imminesenc.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  51226acc4ee302705b33e557214a0bc9_JaffaCakes118
- Size
  
  269KB
- MD5
  
  51226acc4ee302705b33e557214a0bc9
- SHA1
  
  fadbc963b2a75f2e3ae7b00ff6c3d805e1b38788
- SHA256
  
  516dca664efe609f1122e4b18254a593e0303f5e48f29c23ceb182eed6e80752
- SHA512
  
  7b39e71ade5ad1d47e4b0b00949288d614b51ec57f6d4dd3d6f9d2d2de45667d4d585d7212dde4281030e2069a4c36ba86ff1c43564c2aee5447aebe2c011a87
- SSDEEP
  
  6144:rVfmmDgASD5W/adCxsT4/YFqBcIsBGOhN/35:rVfjDmtW/adCC4/UIsBhN/5
Score

10^/10

gozi 3151 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3151bankerisfbtrojan

behavioral2

gozi3151bankerisfbtrojan