gozi | 1f489fc6703dd57a5d322a920c98c60b0a9be1168147e3ab1f0db8fa2ba03dae | Triage

Sharing

General

Target

8917246255464c041babe1b821d2441a_JaffaCakes118
Size

161KB
Sample

240601-cp76zafb46
MD5

8917246255464c041babe1b821d2441a
SHA1

304f9514972fdc3106f0e95b5a7bbeac51eb1fde
SHA256

1f489fc6703dd57a5d322a920c98c60b0a9be1168147e3ab1f0db8fa2ba03dae
SHA512

9be13397919b74912670837c72c239ea04939f9366fddbdd4a27f1c9f75e0141fdd7c3e3c07baa9ec4824ca68411a2589d20a6beb7981d6498a2d5553232dd97
SSDEEP

3072:7yZq5YskO4qMeR6Xi38vWp3ZzYvlH6lf3FAz8MubyrO:7LYskDQAT+Yvla3M

Score

10^/10

gozi 7225 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

7225

C2

porp53334.yahoo.com

web.plainfielddentalcare.com

Attributes

build
250154
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  8917246255464c041babe1b821d2441a_JaffaCakes118
- Size
  
  161KB
- MD5
  
  8917246255464c041babe1b821d2441a
- SHA1
  
  304f9514972fdc3106f0e95b5a7bbeac51eb1fde
- SHA256
  
  1f489fc6703dd57a5d322a920c98c60b0a9be1168147e3ab1f0db8fa2ba03dae
- SHA512
  
  9be13397919b74912670837c72c239ea04939f9366fddbdd4a27f1c9f75e0141fdd7c3e3c07baa9ec4824ca68411a2589d20a6beb7981d6498a2d5553232dd97
- SSDEEP
  
  3072:7yZq5YskO4qMeR6Xi38vWp3ZzYvlH6lf3FAz8MubyrO:7LYskDQAT+Yvla3M
Score

10^/10

gozi 7225 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi7225bankerisfbtrojan

behavioral2