gozi | 89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

d80c29813b...18.dll

windows7-x64

d80c29813b...18.dll

windows10-2004-x64

Sharing

General

Target

d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118
Size

458KB
Sample

240910-l6wzpsyblq
MD5

d80c29813bfbc3cbcbd469249d49ebf3
SHA1

b714a2ce92e01f9e63825ba1562988b0eb8b3a90
SHA256

89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a
SHA512

451c74e6d18999de7f859e054a845db56de38e42b3efcce81a6ddc606ab41b2b63ecd5a75b7113f4778d7ffdb23537100b7c41ceb61e1f5c48af5b1725fd041c
SSDEEP

6144:ybtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:ymmCVRtPvq2+d/

Score

10^/10

gozi banker discovery isfb persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118.dll

Resource

win7-20240903-en

gozi banker discovery isfb persistence trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118.dll

Resource

win10v2004-20240802-en

gozi banker discovery isfb trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  d80c29813bfbc3cbcbd469249d49ebf3_JaffaCakes118
- Size
  
  458KB
- MD5
  
  d80c29813bfbc3cbcbd469249d49ebf3
- SHA1
  
  b714a2ce92e01f9e63825ba1562988b0eb8b3a90
- SHA256
  
  89fb8bde29dfd8e1ec087a757f43a202f102df13e7326ca554c765657b028b9a
- SHA512
  
  451c74e6d18999de7f859e054a845db56de38e42b3efcce81a6ddc606ab41b2b63ecd5a75b7113f4778d7ffdb23537100b7c41ceb61e1f5c48af5b1725fd041c
- SSDEEP
  
  6144:ybtQmb25Zh18hqJbDqSB7Lvq2XsjYiVmOf7Yp4jOa9UpE:ymmCVRtPvq2+d/
Score

10^/10

gozi banker discovery isfb persistence trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbpersistencetrojan

behavioral2

gozibankerdiscoveryisfbtrojan

© 2018-2025

Terms | Privacy