gozi

General

Target

d7bf1746232e20ee8c4542045962f3ca_JaffaCakes118
Size

455KB
Sample

240910-hm5kysselb
MD5

d7bf1746232e20ee8c4542045962f3ca
SHA1

0d5d956638a9a76f361c5fed3ac2cd27648324dc
SHA256

1a4828762a639d30ac674861dddeb8bae3aa2e87a4a6fe6b602a58112f5f0a95
SHA512

c95206819ed9f62ef39207c3959fc79ad1ae5ae93a71b71537705c3ca7ebe94f03d622b4318d0383c9489e2d0f876c5aef7b0264df8aa0147b8359cf9ba550a2
SSDEEP

6144:pk69oa2DnZot8e/toa/YhFdXtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NiH9dXRgw

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3183

C2

v99jarret3287x.com

huymireyai.company

so64a92elody.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d7bf1746232e20ee8c4542045962f3ca_JaffaCakes118
- Size
  
  455KB
- MD5
  
  d7bf1746232e20ee8c4542045962f3ca
- SHA1
  
  0d5d956638a9a76f361c5fed3ac2cd27648324dc
- SHA256
  
  1a4828762a639d30ac674861dddeb8bae3aa2e87a4a6fe6b602a58112f5f0a95
- SHA512
  
  c95206819ed9f62ef39207c3959fc79ad1ae5ae93a71b71537705c3ca7ebe94f03d622b4318d0383c9489e2d0f876c5aef7b0264df8aa0147b8359cf9ba550a2
- SSDEEP
  
  6144:pk69oa2DnZot8e/toa/YhFdXtH9dXfZNJIYb9eHg1jgw:pF72DnOt1NiH9dXRgw
Score

10^/10

gozi 3183 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2