gozi | 8c674b14f38c946e3898dc021f3aab800df07ef27b23085daafc2ce76725e004 | Triage

Sharing

General

Target

8c674b14f38c946e3898dc021f3aab800df07ef27b23085daafc2ce76725e004
Size

3.8MB
Sample

240729-pjtgvasdpf
MD5

44506f1b0f246e0c0309ba07a410cf8c
SHA1

8f2f202aee0067a7711dcf7b1d4c38e52d3b7133
SHA256

8c674b14f38c946e3898dc021f3aab800df07ef27b23085daafc2ce76725e004
SHA512

1a2acde17ecf399b26bff8379e4730f9270e5f78d4ab76b9f163ec5144b572912ea1e884ca53cf8eb365a7dacf576f5d2318e1cc2937baa18f6da12392ca6361
SSDEEP

98304:hooc8/NTAIMkgnMxJmkryqMy8zAPrS+J+0Qnll:rH/NYkg4z8y8crXJ+0Ill

Score

10^/10

gozi banker discovery evasion isfb trojan upx

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  www.DriverOff.net.url
- Size
  
  102B
- MD5
  
  1c2e46fb1475403ef1fdaa0c524cfa0b
- SHA1
  
  630802f10a8d8d71d517fe7b526b863b4ab8188e
- SHA256
  
  beb45eedc14afee6af26aa095e3e3ec320ff51c63e35f35f5ed3618f2ba9eb20
- SHA512
  
  fde01c602a3969b2bd1d16ef606a0947572874bfe3f054cc3b1820fe5dc049c720223f6a478071d7453b72189f8a866c9299abed57ac3e66f73a49ff4dd3adc3
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  www.SamLab.ws.url
- Size
  
  94B
- MD5
  
  0e1dd474d5e67962ab4d3fbc81e33aa3
- SHA1
  
  600a0da0d285ca8dd96205be792c277040b2425e
- SHA256
  
  f234c331d3d80f9984b7737e1d460e702a7c8ef148f46d51f0f9216701403731
- SHA512
  
  1c864d399399d85b5504af8ededf2619bf2b0d751e670d72872f941b0272df64d117f86c94815ff2277e37e39c69f5dfdd9ce985d046eef204e7d9204c3321df
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  SDI_R1750.exe
- Size
  
  1.4MB
- MD5
  
  be195299dd91c083abe932f35f936347
- SHA1
  
  db49e29677816c326c40b6feb1515506c253059b
- SHA256
  
  0030785f5852d9f73a8eb20fc17c38171975d3f49f7679e3d0a361b7c572152c
- SHA512
  
  e0d70f3a52f90b57a1cccd66da120daa286c1935a03d721991db175a95af219f7ed05e3fe0d5e00ba5abf35d674e9e244376e232a3e1110ae4881e3c989a2e4f
- SSDEEP
  
  24576:nAtl7b/V+/UpdSPuX1Qf9cxKqm/zJNk798x36OZJFQ1riOA/8HRvUApC/N7XKGEu:nUFb/V+/ilQ21m7JNkuP1Qd1RvrCluY
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  SDI_auto.bat
- Size
  
  817B
- MD5
  
  23a5a80148e2ad4e291341558e5eee33
- SHA1
  
  c6ae7f221f94101aa8e10ee6da05e3d0c18a2cea
- SHA256
  
  6204ef7b56c0ccce1c09cd3a67af56439a86287c38d7cad32908b207dd76193f
- SHA512
  
  9185955101d1f8e9a0109f02873cf4288b431cbe7d44effdb8555acc987dde1a204622a5fcd3708b104974818292d1fea84c371023da6af6632ede4b25db42c7
Score

10^/10

gozi banker isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  SDI_x64_R1750.exe
- Size
  
  1.5MB
- MD5
  
  4080ce326d7ec844f7a9953d2b9be84b
- SHA1
  
  fb0baf215eaef5ab0c388207166ac3ad24dc01a2
- SHA256
  
  4e012337722cf562f9857fad64b97760ebe4330c5e872e2f0203b92bb83de7fd
- SHA512
  
  43245422ad94c513af2650aa22f8c7ba81fbbcc588f05ae9e402c213132727284df32d89bd1078e68c56b3fe16d4999361856119c3e7abd9cacb972b54d10e64
- SSDEEP
  
  49152:zTChl1COJhTXB8FFpSxWd2nJgtRAPP4qR:gQOJIbpS0dAAA1R
Score

10^/10

gozi banker isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojan

behavioral2

behavioral3

discoveryevasiontrojan

behavioral4

behavioral5

behavioral6

behavioral7

gozibankerisfbtrojanupx

behavioral8

gozibankerisfbtrojanupx

behavioral9

gozibankerisfbtrojanupx

behavioral10

gozibankerisfbtrojanupx