gozi | 5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8 | Triage

Sharing

General

Target

94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe
Size

38KB
Sample

240529-arrkwsaf7x
MD5

7732d02d81d8c0b5b22cd6eab1b754f6
SHA1

490743abb712f9875b9146e398a9e1b85ec84438
SHA256

5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8
SHA512

d6e657d4824a4d79e771c3ec20006a216c4e25b47c2d9cdf230bc71973fd7fb0ec965aac8568f226d59d55dfe5705866b3f6e6b9e7d5d872afe15b2a96a77f19
SSDEEP

768:3yyQXfpwh0ZOds/5EXv2C54NbptaDL0grngoZHYgXLBYfUV:3y9fpvZOdsx2v2+4b/aDLDrnpYgXLKf

Score

10^/10

gozi 4780 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214084

Extracted

Family

gozi

Botnet

4780

C2

microsoft.com

avast.com

Attributes

build
214084
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  94411f0873e6410d644c8a630ffbdf387639fab05fbcda468a343ff3b5db246f_dump.bin.exe
- Size
  
  38KB
- MD5
  
  7732d02d81d8c0b5b22cd6eab1b754f6
- SHA1
  
  490743abb712f9875b9146e398a9e1b85ec84438
- SHA256
  
  5a71b92d9d691754a5ff056b7d4aa819e26f2e55485d17623c5be00e431d91f8
- SHA512
  
  d6e657d4824a4d79e771c3ec20006a216c4e25b47c2d9cdf230bc71973fd7fb0ec965aac8568f226d59d55dfe5705866b3f6e6b9e7d5d872afe15b2a96a77f19
- SSDEEP
  
  768:3yyQXfpwh0ZOds/5EXv2C54NbptaDL0grngoZHYgXLBYfUV:3y9fpvZOdsx2v2+4b/aDLDrnpYgXLKf
Score

10^/10

gozi 4780 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozi4780bankerisfbtrojan