gozi | e7ea99b780111336c9a8c301c18e9d93ef7d13eace98fe3bb9d844b305736316 | Triage

Sharing

General

Target

b4c988a94242af0afe8b6b367f032a8d_JaffaCakes118
Size

203KB
Sample

240616-x226pstekc
MD5

b4c988a94242af0afe8b6b367f032a8d
SHA1

c576a66700914ea941f1cd8406a3f97d4ead0bd7
SHA256

e7ea99b780111336c9a8c301c18e9d93ef7d13eace98fe3bb9d844b305736316
SHA512

3fb5309d9f7e1547b7349cf241a9c3cb7cd0f934f751929d125d687467d5ea5fe180fbae1cd03e64502dca999e6b39e3f3a0b9be0782f4128fa96904e323d8e3
SSDEEP

3072:90ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9+dp4uPZzGonqXGXh0bluBc4GZ5

Score

10^/10

gozi 3162 banker isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
215165

Extracted

Family

gozi

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes

build
215165
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  b4c988a94242af0afe8b6b367f032a8d_JaffaCakes118
- Size
  
  203KB
- MD5
  
  b4c988a94242af0afe8b6b367f032a8d
- SHA1
  
  c576a66700914ea941f1cd8406a3f97d4ead0bd7
- SHA256
  
  e7ea99b780111336c9a8c301c18e9d93ef7d13eace98fe3bb9d844b305736316
- SHA512
  
  3fb5309d9f7e1547b7349cf241a9c3cb7cd0f934f751929d125d687467d5ea5fe180fbae1cd03e64502dca999e6b39e3f3a0b9be0782f4128fa96904e323d8e3
- SSDEEP
  
  3072:90ji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9+dp4uPZzGonqXGXh0bluBc4GZ5
Score

10^/10

gozi 3162 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3162bankerisfbtrojan

behavioral2

gozi3162bankerisfbtrojan