gozi

General

Target

da76a7e419139eb0513ffb558f27a6de_JaffaCakes118
Size

324KB
Sample

240911-qxzfpatdrc
MD5

da76a7e419139eb0513ffb558f27a6de
SHA1

4240c74a3544a94a7d407f1a0c33e0f426ab0481
SHA256

9291b31c063243825d0b8552110aa5633edc3d0d49b5575853bea88e595938c0
SHA512

0d949ce904dd21c484242bd7d31df7a15f42b329aa631a7abd6051b32877f4c0db30e1d279efc4a675be869bbcfd88d7e539b7ca9f4a19ec98f294fd495e12ee
SSDEEP

6144:MwW5GMHLDO8+IEsOCj+PlTUtEyor6rPPPMtMQKdv69J07uQ:MT5GmO8+IEsOo+dyn/j6J07

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214085

Extracted

Family

gozi

Botnet

3423

C2

google.com

gmail.com

sizfjalenk51.com

v25brigittet.com

k23ueugeniay.com

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  da76a7e419139eb0513ffb558f27a6de_JaffaCakes118
- Size
  
  324KB
- MD5
  
  da76a7e419139eb0513ffb558f27a6de
- SHA1
  
  4240c74a3544a94a7d407f1a0c33e0f426ab0481
- SHA256
  
  9291b31c063243825d0b8552110aa5633edc3d0d49b5575853bea88e595938c0
- SHA512
  
  0d949ce904dd21c484242bd7d31df7a15f42b329aa631a7abd6051b32877f4c0db30e1d279efc4a675be869bbcfd88d7e539b7ca9f4a19ec98f294fd495e12ee
- SSDEEP
  
  6144:MwW5GMHLDO8+IEsOCj+PlTUtEyor6rPPPMtMQKdv69J07uQ:MT5GmO8+IEsOo+dyn/j6J07
Score

10^/10

gozi 3423 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2