gozi | 0b6e018525f727d3db85e9a7991ce0e9e94db2032c0310007799bee350b54061 | Triage

Sharing

General

Target

0b6e018525f727d3db85e9a7991ce0e9e94db2032c0310007799bee350b54061
Size

1018KB
Sample

240911-xekm5sxaqa
MD5

22eefd16d9dc1c188c8dc6beb40ade3e
SHA1

b2ad9141ffcbbf2fd12c4685ee7eabbdaf4c1f2f
SHA256

0b6e018525f727d3db85e9a7991ce0e9e94db2032c0310007799bee350b54061
SHA512

fed6d83a7f6285a1c15538ac48639719c88f766b277df9f2cdf2bed17186b29f7da67cf6069f8375cbd0384769e973f2ac6f4c4032c457d94780ee3762d8238a
SSDEEP

12288:d1r8VxYrIqBfSgpfj2BS6MrZOGJ45ex8tuK9L138ZsIj2LDxHkqrdYIcZpFkO+ah:nUxYsqBLfEGJ451+3j2LVHZl+yO+fk

Score

10^/10

gozi 6000 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

6000

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  0b6e018525f727d3db85e9a7991ce0e9e94db2032c0310007799bee350b54061
- Size
  
  1018KB
- MD5
  
  22eefd16d9dc1c188c8dc6beb40ade3e
- SHA1
  
  b2ad9141ffcbbf2fd12c4685ee7eabbdaf4c1f2f
- SHA256
  
  0b6e018525f727d3db85e9a7991ce0e9e94db2032c0310007799bee350b54061
- SHA512
  
  fed6d83a7f6285a1c15538ac48639719c88f766b277df9f2cdf2bed17186b29f7da67cf6069f8375cbd0384769e973f2ac6f4c4032c457d94780ee3762d8238a
- SSDEEP
  
  12288:d1r8VxYrIqBfSgpfj2BS6MrZOGJ45ex8tuK9L138ZsIj2LDxHkqrdYIcZpFkO+ah:nUxYsqBLfEGJ451+3j2LVHZl+yO+fk
Score

10^/10

gozi 6000 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi6000bankerdiscoveryisfbtrojan

behavioral2

gozi6000bankerdiscoveryisfbtrojan