gozi | 09fd889760c254f9ce2438e5d084e32a1c0116a83d3df8e05eea382d3fe27fdb | Triage

Sharing

General

Target

e458363303a19407c5251c3de64df270_JaffaCakes118
Size

1.2MB
Sample

240916-j2k1jaxcrl
MD5

e458363303a19407c5251c3de64df270
SHA1

e3171a37e8e8fe61e68c2cb80fa2c35a59d1d05e
SHA256

09fd889760c254f9ce2438e5d084e32a1c0116a83d3df8e05eea382d3fe27fdb
SHA512

58908d322e20c8f29f3ee3c89c783374a27f35720748a21f0aef1a6922316015a5e77485cffcd7ff1f89c819b6cf0d09357dcfb71f20bae791f25c14729c01b3
SSDEEP

12288:i/koUn+KOkzRquIXFdj1eeqIKMFAMxAZ1AOs:i/fmNQIlIK8gDAF

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  e458363303a19407c5251c3de64df270_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  e458363303a19407c5251c3de64df270
- SHA1
  
  e3171a37e8e8fe61e68c2cb80fa2c35a59d1d05e
- SHA256
  
  09fd889760c254f9ce2438e5d084e32a1c0116a83d3df8e05eea382d3fe27fdb
- SHA512
  
  58908d322e20c8f29f3ee3c89c783374a27f35720748a21f0aef1a6922316015a5e77485cffcd7ff1f89c819b6cf0d09357dcfb71f20bae791f25c14729c01b3
- SSDEEP
  
  12288:i/koUn+KOkzRquIXFdj1eeqIKMFAMxAZ1AOs:i/fmNQIlIK8gDAF
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan