gozi | f3bbdcf40bca186b7d4a7df5b143cc1745549404444e8e17a5e53ec32e0019f9 | Triage

Sharing

General

Target

698ea81c77251a015df056d78f9c8927_JaffaCakes118
Size

203KB
Sample

240523-dr3vpsca85
MD5

698ea81c77251a015df056d78f9c8927
SHA1

71a71a1292320af6ff2f9f6cf389f70d565cadd9
SHA256

f3bbdcf40bca186b7d4a7df5b143cc1745549404444e8e17a5e53ec32e0019f9
SHA512

a0ece5cc4372e7602c52f7d34b2ebb1f9c4b50714a8ee77eaee5d1fc802043401656a5b8d3830c922dc8899c08dc9ba01a917c4373019ba0a02a1b9551f5f3da
SSDEEP

3072:9Cji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Mdp4uPZzGonqXGXh0bluBc4GZ5

Score

10^/10

gozi 3162 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  698ea81c77251a015df056d78f9c8927_JaffaCakes118
- Size
  
  203KB
- MD5
  
  698ea81c77251a015df056d78f9c8927
- SHA1
  
  71a71a1292320af6ff2f9f6cf389f70d565cadd9
- SHA256
  
  f3bbdcf40bca186b7d4a7df5b143cc1745549404444e8e17a5e53ec32e0019f9
- SHA512
  
  a0ece5cc4372e7602c52f7d34b2ebb1f9c4b50714a8ee77eaee5d1fc802043401656a5b8d3830c922dc8899c08dc9ba01a917c4373019ba0a02a1b9551f5f3da
- SSDEEP
  
  3072:9Cji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Mdp4uPZzGonqXGXh0bluBc4GZ5
Score

10^/10

gozi 3162 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3162bankerisfbtrojan

behavioral2

gozi3162bankerisfbtrojan