gozi

General

Target

d6104fbaaf8a5c9bb1ee5bcb6021ca0a_JaffaCakes118
Size

433KB
Sample

240909-lqltssthnc
MD5

d6104fbaaf8a5c9bb1ee5bcb6021ca0a
SHA1

5fd203676511c282b25d1b67e598737eac0d1945
SHA256

43da798c8942ec1aa2dc22c8de77ad52791c3b6b721cb02875275eb3039361f0
SHA512

1ba783277bbe69e09fea6af8bb76dcc0883e77e6113edeeabc9b43318927be1bf4e5066543059cf15226fbec19b5c911ec50a8fad3b738928b159ae134e4984f
SSDEEP

12288:RxpU/mkDDtWRErl8AxGI8RVcZe9K+SsGQ/KT8G:Lp56m26MSVcZj

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214082

Extracted

Family

gozi

Botnet

3358

C2

woa79ewinfield.club

n4curtispablo.info

w3438e49rodolfo.info

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d6104fbaaf8a5c9bb1ee5bcb6021ca0a_JaffaCakes118
- Size
  
  433KB
- MD5
  
  d6104fbaaf8a5c9bb1ee5bcb6021ca0a
- SHA1
  
  5fd203676511c282b25d1b67e598737eac0d1945
- SHA256
  
  43da798c8942ec1aa2dc22c8de77ad52791c3b6b721cb02875275eb3039361f0
- SHA512
  
  1ba783277bbe69e09fea6af8bb76dcc0883e77e6113edeeabc9b43318927be1bf4e5066543059cf15226fbec19b5c911ec50a8fad3b738928b159ae134e4984f
- SSDEEP
  
  12288:RxpU/mkDDtWRErl8AxGI8RVcZe9K+SsGQ/KT8G:Lp56m26MSVcZj
Score

10^/10

gozi 3358 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2