gozi | 664ea322e6547555932ef477e03fa5b953ec980a4ed4300fd91d8fd86a325e09 | Triage

Sharing

General

Target

5333a8028037aa7f930852656ebe1ef5_JaffaCakes118
Size

296KB
Sample

240518-f9mbsadh5w
MD5

5333a8028037aa7f930852656ebe1ef5
SHA1

2ac783c46074084eef9d4709e6d988870d2923bd
SHA256

664ea322e6547555932ef477e03fa5b953ec980a4ed4300fd91d8fd86a325e09
SHA512

ace591f9dc7a1cb329c0c813e431f88e0f97644e252e81a1069ccde9592804247c444686d85cd71f3adbf1ac2b2d8d14d8129052991e5da0c524ec4a166f9ee2
SSDEEP

3072:zbwmc9TBhxwFKZGWmk7XUzlvxHaQKA/2NND9vcJHCzSW2rSw+GAqYq:z3cxBoFPWZwxxansY0JiOraGZ

Score

10^/10

gozi 3537 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214107

Extracted

Family

gozi

Botnet

3537

C2

gmail.com

google.com

fjavieryvette94.com

wk1122roxanne.com

gs85elmoreobs.com

Attributes

build
214107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  5333a8028037aa7f930852656ebe1ef5_JaffaCakes118
- Size
  
  296KB
- MD5
  
  5333a8028037aa7f930852656ebe1ef5
- SHA1
  
  2ac783c46074084eef9d4709e6d988870d2923bd
- SHA256
  
  664ea322e6547555932ef477e03fa5b953ec980a4ed4300fd91d8fd86a325e09
- SHA512
  
  ace591f9dc7a1cb329c0c813e431f88e0f97644e252e81a1069ccde9592804247c444686d85cd71f3adbf1ac2b2d8d14d8129052991e5da0c524ec4a166f9ee2
- SSDEEP
  
  3072:zbwmc9TBhxwFKZGWmk7XUzlvxHaQKA/2NND9vcJHCzSW2rSw+GAqYq:z3cxBoFPWZwxxansY0JiOraGZ
Score

10^/10

gozi 3537 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3537bankerisfbtrojan

behavioral2

gozi3537bankerisfbtrojan