gozi

General

Target

f3bcdae2bbbfbcd7cb6a823ae5f7f9f2_JaffaCakes118
Size

229KB
Sample

240924-qpm3pawglp
MD5

f3bcdae2bbbfbcd7cb6a823ae5f7f9f2
SHA1

2c95aae5f9d62b22910f59391e756ea27eabc642
SHA256

bb530a1c1268090822e8591b3f8b4d75add433f9e042dd226aba90f03eea1c00
SHA512

eab29ad842f95d7944003cd31ac393f1517248bbae4a3dd80285e6bfddbdb238aad52692d44f6b823c170675608a2d50f5ff4a20ccfaf81c74824d04f61c50e9
SSDEEP

6144:8D9OBsKVfsTRELtIrg2aTzAJGxo0hn76NMR6vj4E21cB:8D9O2+s9EBwTaTzA8m0l76NMR6vjXzB

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214098

Extracted

Family

gozi

Botnet

3516

C2

google.com

gmail.com

kh2714ldb.com

l27frederic.com

rivhemadison.com

Attributes

build
214098
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  f3bcdae2bbbfbcd7cb6a823ae5f7f9f2_JaffaCakes118
- Size
  
  229KB
- MD5
  
  f3bcdae2bbbfbcd7cb6a823ae5f7f9f2
- SHA1
  
  2c95aae5f9d62b22910f59391e756ea27eabc642
- SHA256
  
  bb530a1c1268090822e8591b3f8b4d75add433f9e042dd226aba90f03eea1c00
- SHA512
  
  eab29ad842f95d7944003cd31ac393f1517248bbae4a3dd80285e6bfddbdb238aad52692d44f6b823c170675608a2d50f5ff4a20ccfaf81c74824d04f61c50e9
- SSDEEP
  
  6144:8D9OBsKVfsTRELtIrg2aTzAJGxo0hn76NMR6vj4E21cB:8D9O2+s9EBwTaTzA8m0l76NMR6vjXzB
Score

10^/10

gozi 3516 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2