gozi | b8372f8b7dc2f7b249fcdd8fd59e8f3e8fd719c581dfe1940a79918b06c6cf74 | Triage

Sharing

General

Target

808615a64ee4bf4cdb4d9d34eb29b0ef_JaffaCakes118
Size

547KB
Sample

240529-m6dnssdb32
MD5

808615a64ee4bf4cdb4d9d34eb29b0ef
SHA1

f9bba8e3c949b29a16825547c67f7e77f346dcf5
SHA256

b8372f8b7dc2f7b249fcdd8fd59e8f3e8fd719c581dfe1940a79918b06c6cf74
SHA512

28beeec7fb1664c150a56f9935ae444bbed00f0aadc4bd4d575e322c5fbff9df458d7dc182705a20c1435209818103842cc0620e855889fb7b1eedbb7531c01a
SSDEEP

6144:uVJt7IsATy65KJZnF/gYdpOLwgF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm37tKO6asJIgJt

Score

10^/10

gozi 3187 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  808615a64ee4bf4cdb4d9d34eb29b0ef_JaffaCakes118
- Size
  
  547KB
- MD5
  
  808615a64ee4bf4cdb4d9d34eb29b0ef
- SHA1
  
  f9bba8e3c949b29a16825547c67f7e77f346dcf5
- SHA256
  
  b8372f8b7dc2f7b249fcdd8fd59e8f3e8fd719c581dfe1940a79918b06c6cf74
- SHA512
  
  28beeec7fb1664c150a56f9935ae444bbed00f0aadc4bd4d575e322c5fbff9df458d7dc182705a20c1435209818103842cc0620e855889fb7b1eedbb7531c01a
- SSDEEP
  
  6144:uVJt7IsATy65KJZnF/gYdpOLwgF/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm37tKO6asJIgJt
Score

10^/10

gozi 3187 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3187bankerisfbtrojan

behavioral2

gozi3187bankerisfbtrojan