gozi | fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0 | Triage

Sharing

General

Target

injector.exe
Size

12KB
Sample

240601-x4brjadb69
MD5

ea74d941f3d9b92bd05de9ef96b5f6c5
SHA1

e912ddd0828cbef8ff6555818fabf06e235d08f5
SHA256

fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0
SHA512

11cdb3412abb0acfc3598f89741691094147bd421d0f4fd21cc66bff3797e40e9ff0c8f913821b898759d67e852584fb868e705c4fa217618589f8078b2a3213
SSDEEP

192:61Cs6L8OVuRWCfIvzYknpp4r0xv0iSe8GA7HaN+Xdzl4PFUZ8izxH8J+IBy:dsOxCfIvzFB5XE6OzlakrtHqo

Score

10^/10

gozi banker isfb spyware stealer trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  injector.exe
- Size
  
  12KB
- MD5
  
  ea74d941f3d9b92bd05de9ef96b5f6c5
- SHA1
  
  e912ddd0828cbef8ff6555818fabf06e235d08f5
- SHA256
  
  fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0
- SHA512
  
  11cdb3412abb0acfc3598f89741691094147bd421d0f4fd21cc66bff3797e40e9ff0c8f913821b898759d67e852584fb868e705c4fa217618589f8078b2a3213
- SSDEEP
  
  192:61Cs6L8OVuRWCfIvzYknpp4r0xv0iSe8GA7HaN+Xdzl4PFUZ8izxH8J+IBy:dsOxCfIvzFB5XE6OzlakrtHqo
Score

10^/10

gozi banker isfb spyware stealer trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

gozibankerisfbspywarestealertrojan