gozi | 307fadeca335f8729376a5d4c394b7dc54c76fd66a9af6f538259fe14f1a8017 | Triage

Sharing

General

Target

768eef31f6684aa46d9e20c8e7fa4b50_JaffaCakes118
Size

203KB
Sample

240526-x4es7aha5z
MD5

768eef31f6684aa46d9e20c8e7fa4b50
SHA1

28efa1217518cf2d1f95d752c304efab4e55a31f
SHA256

307fadeca335f8729376a5d4c394b7dc54c76fd66a9af6f538259fe14f1a8017
SHA512

fcdb8ce4ba3fe1b3623acc6330876f51765a673cbf28d39f745734c6eda217308286e5dcc31a304e83eef413e7722a03a65957a3674a9d8aa1821fc38ea9f838
SSDEEP

3072:97ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Pdp4uPZzGonqXGXh0bluBc4GZ5

Score

10^/10

gozi 3162 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  768eef31f6684aa46d9e20c8e7fa4b50_JaffaCakes118
- Size
  
  203KB
- MD5
  
  768eef31f6684aa46d9e20c8e7fa4b50
- SHA1
  
  28efa1217518cf2d1f95d752c304efab4e55a31f
- SHA256
  
  307fadeca335f8729376a5d4c394b7dc54c76fd66a9af6f538259fe14f1a8017
- SHA512
  
  fcdb8ce4ba3fe1b3623acc6330876f51765a673cbf28d39f745734c6eda217308286e5dcc31a304e83eef413e7722a03a65957a3674a9d8aa1821fc38ea9f838
- SSDEEP
  
  3072:97ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9Pdp4uPZzGonqXGXh0bluBc4GZ5
Score

10^/10

gozi 3162 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3162bankerisfbtrojan

behavioral2

gozi3162bankerisfbtrojan