gozi | 246f9c1e770dd0da69bb4850892f826c0b8a72f3ec28a25da33a92b78fcf80f6 | Triage

Sharing

General

Target

68435e31d4782dbcebd3f2cd32c1bec2_JaffaCakes118
Size

376KB
Sample

240522-xhc3gacg46
MD5

68435e31d4782dbcebd3f2cd32c1bec2
SHA1

36e3744744ddaac1f24c6e07951ff88570757654
SHA256

246f9c1e770dd0da69bb4850892f826c0b8a72f3ec28a25da33a92b78fcf80f6
SHA512

550a20e0d75bd2579d14c3b9e708a4a0c4924c2fbf36fcc22812a00a7a69450e8f3498cc0e55453a907e3fb3e010b5e4620f16f7d3323767139258b1ed4e1034
SSDEEP

3072:hkyrSmefi8xQRv00gDg4JmUrQrY17hJHe0KuVuPi6d+YShwaqz+UQc/uGkn3dK:hkal2i8WjgDYY9hhFxTyUOaMkN

Score

10^/10

gozi 3195 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

3195

C2

nsyblefgg.city

m25lni11528.com

dgrover.band

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  68435e31d4782dbcebd3f2cd32c1bec2_JaffaCakes118
- Size
  
  376KB
- MD5
  
  68435e31d4782dbcebd3f2cd32c1bec2
- SHA1
  
  36e3744744ddaac1f24c6e07951ff88570757654
- SHA256
  
  246f9c1e770dd0da69bb4850892f826c0b8a72f3ec28a25da33a92b78fcf80f6
- SHA512
  
  550a20e0d75bd2579d14c3b9e708a4a0c4924c2fbf36fcc22812a00a7a69450e8f3498cc0e55453a907e3fb3e010b5e4620f16f7d3323767139258b1ed4e1034
- SSDEEP
  
  3072:hkyrSmefi8xQRv00gDg4JmUrQrY17hJHe0KuVuPi6d+YShwaqz+UQc/uGkn3dK:hkal2i8WjgDYY9hhFxTyUOaMkN
Score

10^/10

gozi 3195 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3195bankerisfbtrojan

behavioral2

gozi3195bankerisfbtrojan