gozi | eaeb42576fb19b866abdc99b5b8f867f3c69d8da9e941f2ca5af1f0e3e342a6c | Triage

Sharing

General

Target

262590037c93a5496b38565c9dfc85d8_JaffaCakes118
Size

335KB
Sample

240704-zhw7fsxgln
MD5

262590037c93a5496b38565c9dfc85d8
SHA1

29616a643f896d6ab55d7129a813fa4056400c0e
SHA256

eaeb42576fb19b866abdc99b5b8f867f3c69d8da9e941f2ca5af1f0e3e342a6c
SHA512

c566f68a5d8b6769595836bffdf7e05b439a9a26ed7a500348a6ca4dea3effbdf0db1da64d219b7c6ac35143604782d5ffd47633a6297e3191224210d4de0bee
SSDEEP

3072:lYEuU/HsL0icNk2S/G7xBYT147Q1zzWpYnJw19qVFXEqnQvSoLRRybz5m76nf7fF:ypGHq8ujuVeZWQ1WmnaHqrCybs+fbpC

Score

10^/10

gozi 4355 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4355

C2

updates.microsoft.com

haloopolikosul.xyz

trapolikoliosilios.xyz

Attributes

base_path
/manifest/
build
250177
dga_season
10
exe_type
loader
extension
.cnx
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  262590037c93a5496b38565c9dfc85d8_JaffaCakes118
- Size
  
  335KB
- MD5
  
  262590037c93a5496b38565c9dfc85d8
- SHA1
  
  29616a643f896d6ab55d7129a813fa4056400c0e
- SHA256
  
  eaeb42576fb19b866abdc99b5b8f867f3c69d8da9e941f2ca5af1f0e3e342a6c
- SHA512
  
  c566f68a5d8b6769595836bffdf7e05b439a9a26ed7a500348a6ca4dea3effbdf0db1da64d219b7c6ac35143604782d5ffd47633a6297e3191224210d4de0bee
- SSDEEP
  
  3072:lYEuU/HsL0icNk2S/G7xBYT147Q1zzWpYnJw19qVFXEqnQvSoLRRybz5m76nf7fF:ypGHq8ujuVeZWQ1WmnaHqrCybs+fbpC
Score

10^/10

gozi 4355 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi4355bankerisfbtrojan

behavioral2

gozi4355bankerisfbtrojan