gozi | eac2aee6b368e21e8268c0b43dede5b863e75db8f8815d6011e9cc91d2d04334 | Triage

Sharing

General

Target

54645e480f42f0fd6553dd84925fc652_JaffaCakes118
Size

185KB
Sample

240518-m8635agd74
MD5

54645e480f42f0fd6553dd84925fc652
SHA1

55549ff0d413f169796023c502fb29e72d2217e1
SHA256

eac2aee6b368e21e8268c0b43dede5b863e75db8f8815d6011e9cc91d2d04334
SHA512

ce3bb4c95bd9fba4a46c111c6ed312fcf0404029ee9ada7c74473a5efd0450a08061d1e30d66a2d8d0799749576df534d892fcbec5d028e620e4d7b4f305a094
SSDEEP

3072:eu94wHeYVfD93uh/TATDB4GbUQwTOuAjOBXmBj4/s2NUamijQ+dk4a:R4/WD96oOGLuOzjYem/+F5e

Score

10^/10

gozi 1000 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
217108

Extracted

Family

gozi

Botnet

1000

C2

http://form-updater.at

Attributes

build
217108
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
dns_servers
107.174.86.134
107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  54645e480f42f0fd6553dd84925fc652_JaffaCakes118
- Size
  
  185KB
- MD5
  
  54645e480f42f0fd6553dd84925fc652
- SHA1
  
  55549ff0d413f169796023c502fb29e72d2217e1
- SHA256
  
  eac2aee6b368e21e8268c0b43dede5b863e75db8f8815d6011e9cc91d2d04334
- SHA512
  
  ce3bb4c95bd9fba4a46c111c6ed312fcf0404029ee9ada7c74473a5efd0450a08061d1e30d66a2d8d0799749576df534d892fcbec5d028e620e4d7b4f305a094
- SSDEEP
  
  3072:eu94wHeYVfD93uh/TATDB4GbUQwTOuAjOBXmBj4/s2NUamijQ+dk4a:R4/WD96oOGLuOzjYem/+F5e
Score

10^/10

gozi 1000 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozi1000bankerisfbtrojan

behavioral2

gozi1000bankerisfbtrojan