gozi | 31800f72d5064decba0418c0373cdffed2c79e40f2132be47e68f55bf73ed6a2 | Triage

Sharing

General

Target

8e2474a8802e99e5628e547e3c54a1d1_JaffaCakes118
Size

264KB
Sample

240602-p4832acg91
MD5

8e2474a8802e99e5628e547e3c54a1d1
SHA1

d1f78a844ca336d53bca545f49c19bc15fe43139
SHA256

31800f72d5064decba0418c0373cdffed2c79e40f2132be47e68f55bf73ed6a2
SHA512

dcb4fb40043d088a43f9973f7ed37c6206d92462c76d1fc0f8be22e56a64fc0a7ffe24735b67cc8dba25bac81e340d82ab7e9522e55baafc90f8999048725160
SSDEEP

3072:5fmYfcsfDfKaWVFEYyMp3cKAArDZz4N9GhbkENEkwt:shEWf9pxyN90vETt

Score

10^/10

gozi 3468 banker isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

3468

C2

google.com

gmail.com

majavontehm.com

bstacyr79ea.com

scandace79yy.com

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  8e2474a8802e99e5628e547e3c54a1d1_JaffaCakes118
- Size
  
  264KB
- MD5
  
  8e2474a8802e99e5628e547e3c54a1d1
- SHA1
  
  d1f78a844ca336d53bca545f49c19bc15fe43139
- SHA256
  
  31800f72d5064decba0418c0373cdffed2c79e40f2132be47e68f55bf73ed6a2
- SHA512
  
  dcb4fb40043d088a43f9973f7ed37c6206d92462c76d1fc0f8be22e56a64fc0a7ffe24735b67cc8dba25bac81e340d82ab7e9522e55baafc90f8999048725160
- SSDEEP
  
  3072:5fmYfcsfDfKaWVFEYyMp3cKAArDZz4N9GhbkENEkwt:shEWf9pxyN90vETt
Score

10^/10

gozi 3468 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3468bankerisfbtrojan

behavioral2

gozi3468bankerisfbtrojan