gozi

General

Target

de7f4951dd06b0ab46c88eed0be19d13_JaffaCakes118
Size

3.4MB
Sample

240913-t6qfxsxfpa
MD5

de7f4951dd06b0ab46c88eed0be19d13
SHA1

512e16dc9ec2deb77fabeff3c3c027884ea7fdc4
SHA256

f65732cc2d7bb3c7313ad5c0d990ca5f8353739b5c7ec27e41f96c40ec2aff67
SHA512

2722f6b9ea04137a38c4287460b007ba9114931deb8a3a6af9c5230e3a6d550a295760878bcdbfe1ffdf07fa47c6276e21ff4f899881c773c149795af2101502
SSDEEP

49152:C89nwonUXJK2qmngTTHQVOwkBc9ODyxN50bj2qYYTWttR:r9SWDPwO8PR

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214096

Extracted

Family

gozi

Botnet

3478

C2

google.com

gmail.com

waouqk51iu.com

jsztkeagan.club

jkeshaunjakob.club

Attributes

build
214096
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  de7f4951dd06b0ab46c88eed0be19d13_JaffaCakes118
- Size
  
  3.4MB
- MD5
  
  de7f4951dd06b0ab46c88eed0be19d13
- SHA1
  
  512e16dc9ec2deb77fabeff3c3c027884ea7fdc4
- SHA256
  
  f65732cc2d7bb3c7313ad5c0d990ca5f8353739b5c7ec27e41f96c40ec2aff67
- SHA512
  
  2722f6b9ea04137a38c4287460b007ba9114931deb8a3a6af9c5230e3a6d550a295760878bcdbfe1ffdf07fa47c6276e21ff4f899881c773c149795af2101502
- SSDEEP
  
  49152:C89nwonUXJK2qmngTTHQVOwkBc9ODyxN50bj2qYYTWttR:r9SWDPwO8PR
Score

10^/10

gozi 3478 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2