gozi

General

Target

e10694ccc1f5745347b999fd9175ea21_JaffaCakes118
Size

355KB
Sample

240914-ztfnvawelb
MD5

e10694ccc1f5745347b999fd9175ea21
SHA1

decf1f005ca5e5fd598c4d7045e5faeebd6f7847
SHA256

5e09e5ca1e6acd32a4f5319944cc80edfb9b5f9b1a6dfbae8b6723b3051a22d5
SHA512

17700476852449491b10c154530a516e8a6162a846cc2accda151370846eec45207b39e9dc1ad7d0eb966f9769f62da989f96c569e39eb45b2aaf02a87bdcbf5
SSDEEP

6144:Z2PfwMqVqOnmWkKrlAUNqNCQzH10YLplTjGePo1nWT/jiVIgn:ZXMqVtn6Kr2UNqN7zH1nnPQWT/GN

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214085

Extracted

Family

gozi

Botnet

3431

C2

google.com

gmail.com

zuoashlyc.com

x4fwben.xyz

rreynold77.club

Attributes

build
214085
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  e10694ccc1f5745347b999fd9175ea21_JaffaCakes118
- Size
  
  355KB
- MD5
  
  e10694ccc1f5745347b999fd9175ea21
- SHA1
  
  decf1f005ca5e5fd598c4d7045e5faeebd6f7847
- SHA256
  
  5e09e5ca1e6acd32a4f5319944cc80edfb9b5f9b1a6dfbae8b6723b3051a22d5
- SHA512
  
  17700476852449491b10c154530a516e8a6162a846cc2accda151370846eec45207b39e9dc1ad7d0eb966f9769f62da989f96c569e39eb45b2aaf02a87bdcbf5
- SSDEEP
  
  6144:Z2PfwMqVqOnmWkKrlAUNqNCQzH10YLplTjGePo1nWT/jiVIgn:ZXMqVtn6Kr2UNqN7zH1nnPQWT/GN
Score

10^/10

gozi 3431 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2