gozi

General

Target

f198d12f539b568055f7f71664ef9ab8_JaffaCakes118
Size

354KB
Sample

240922-jr4d5aygpd
MD5

f198d12f539b568055f7f71664ef9ab8
SHA1

de8e1a1918013fee8b456643c0d54cc100057dfa
SHA256

5f05bba2f3efc548c4a9d17c1979593e992e2588570d129ea3e8f93ce4311db8
SHA512

5748fef84dc612133b4350d456af8fa1436e99ece26610c179772534e7c702fdd302e69a2e5dd6b2064a0400ef321f53370160aa4cf1cadb562f641c66a64002
SSDEEP

6144:jmp7pQMOtvhiNyVyZHbzU5/JMi+xLus/AWQB9X:EpWhcyIZHnU5RPu4B9X

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3177

C2

wgcjeremy11.band

skelsigabriella.fun

xelectauishanie.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  f198d12f539b568055f7f71664ef9ab8_JaffaCakes118
- Size
  
  354KB
- MD5
  
  f198d12f539b568055f7f71664ef9ab8
- SHA1
  
  de8e1a1918013fee8b456643c0d54cc100057dfa
- SHA256
  
  5f05bba2f3efc548c4a9d17c1979593e992e2588570d129ea3e8f93ce4311db8
- SHA512
  
  5748fef84dc612133b4350d456af8fa1436e99ece26610c179772534e7c702fdd302e69a2e5dd6b2064a0400ef321f53370160aa4cf1cadb562f641c66a64002
- SSDEEP
  
  6144:jmp7pQMOtvhiNyVyZHbzU5/JMi+xLus/AWQB9X:EpWhcyIZHnU5RPu4B9X
Score

10^/10

gozi 3177 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2