gozi | ffc94a044cf375139e6841a0c68fe004c837d172eaa07612850120b5e79751dc | Triage

Sharing

General

Target

75c8aa03275d1e67fc7ce9c20385c123_JaffaCakes118
Size

1.8MB
Sample

240526-rssysaac46
MD5

75c8aa03275d1e67fc7ce9c20385c123
SHA1

67a7b25a7792aed6036acb7996843414e2b9e227
SHA256

ffc94a044cf375139e6841a0c68fe004c837d172eaa07612850120b5e79751dc
SHA512

5b82361aeef4ce9cb5c51d1d0aab4ffb6e2db72aefa21329f4d14cc6f43a594859ecbbb321f1fd737e6143a5d90e863a1c6b25750ac5c217ba1104ff5126976a
SSDEEP

49152:4SuE3qtrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3OqPKIOson6Cslny8WR6wOHstehsC7

Score

10^/10

gozi 3184 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3184

C2

qfelicialew.city

mzg4958lc.com

gxuxwnszau.band

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  75c8aa03275d1e67fc7ce9c20385c123_JaffaCakes118
- Size
  
  1.8MB
- MD5
  
  75c8aa03275d1e67fc7ce9c20385c123
- SHA1
  
  67a7b25a7792aed6036acb7996843414e2b9e227
- SHA256
  
  ffc94a044cf375139e6841a0c68fe004c837d172eaa07612850120b5e79751dc
- SHA512
  
  5b82361aeef4ce9cb5c51d1d0aab4ffb6e2db72aefa21329f4d14cc6f43a594859ecbbb321f1fd737e6143a5d90e863a1c6b25750ac5c217ba1104ff5126976a
- SSDEEP
  
  49152:4SuE3qtrqPKIO23Hlin6COYolnyJ2WR6wOHste0uIlCj790Lhf4xC0FyQ4L6nd:3L3OqPKIOson6Cslny8WR6wOHstehsC7
Score

10^/10

gozi 3184 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3184bankerisfbtrojan

behavioral2

gozi3184bankerisfbtrojan