gozi | e4f9dd4d784f9d250accfb5c9c3a5999b59c4e81dc6226c706327988ba497091 | Triage

Sharing

General

Target

f59b3de48cad5dfd4b57dd5f9c029b5f_JaffaCakes118
Size

167KB
Sample

240925-ke19nsvgrj
MD5

f59b3de48cad5dfd4b57dd5f9c029b5f
SHA1

225330541de051cbf5bef625fcedb8d5e4eb005c
SHA256

e4f9dd4d784f9d250accfb5c9c3a5999b59c4e81dc6226c706327988ba497091
SHA512

531e2ce6037b029b1df23c1dd67debd2f33dd350da55c1ac103a5bf74064f40344097e5cde0917741f2107f16fbb6271bb400c3de0ed02cc720d86b80f1eb771
SSDEEP

3072:CxejGVz7bs62Atbplwv23lq0K6K3xQ5umH:CUjanoQ/GO3laBT

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
217038

Targets

- Target
  
  f59b3de48cad5dfd4b57dd5f9c029b5f_JaffaCakes118
- Size
  
  167KB
- MD5
  
  f59b3de48cad5dfd4b57dd5f9c029b5f
- SHA1
  
  225330541de051cbf5bef625fcedb8d5e4eb005c
- SHA256
  
  e4f9dd4d784f9d250accfb5c9c3a5999b59c4e81dc6226c706327988ba497091
- SHA512
  
  531e2ce6037b029b1df23c1dd67debd2f33dd350da55c1ac103a5bf74064f40344097e5cde0917741f2107f16fbb6271bb400c3de0ed02cc720d86b80f1eb771
- SSDEEP
  
  3072:CxejGVz7bs62Atbplwv23lq0K6K3xQ5umH:CUjanoQ/GO3laBT
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan