gozi | 146b98c91f1fd3828ef5e091049809c5d0a3562f051d9e9d36f736ee70afa432 | Triage

Sharing

General

Target

lr.exe
Size

87KB
Sample

240924-2f3bsssdne
MD5

f6ec0ffb5ba23be37e4fbc01f7a7ee95
SHA1

e802116c030e82097c9e230576294fb2cc67fe0c
SHA256

146b98c91f1fd3828ef5e091049809c5d0a3562f051d9e9d36f736ee70afa432
SHA512

fc2a2202452f5fbf78da6008012004efec7e5e5ee8ca5bb46eb13aa76c34c25490b4ec7d9c9db53cc02a394fecf424792542014dc7f0689fde538453d796cc57
SSDEEP

768:cawSUgqtyO6u7rKE/4GoLN59muQZrHZOanbCS6weiOW1EDY3F+1eL8v1vCX9fyZ2:XA17rKEQDR5QZdneiHo1XdvIXmkoD4

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
216999

Targets

- Target
  
  lr.exe
- Size
  
  87KB
- MD5
  
  f6ec0ffb5ba23be37e4fbc01f7a7ee95
- SHA1
  
  e802116c030e82097c9e230576294fb2cc67fe0c
- SHA256
  
  146b98c91f1fd3828ef5e091049809c5d0a3562f051d9e9d36f736ee70afa432
- SHA512
  
  fc2a2202452f5fbf78da6008012004efec7e5e5ee8ca5bb46eb13aa76c34c25490b4ec7d9c9db53cc02a394fecf424792542014dc7f0689fde538453d796cc57
- SSDEEP
  
  768:cawSUgqtyO6u7rKE/4GoLN59muQZrHZOanbCS6weiOW1EDY3F+1eL8v1vCX9fyZ2:XA17rKEQDR5QZdneiHo1XdvIXmkoD4
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan