gozi | 56a0cec492d2f8d68f8c9c5f54a9c9407f352e3b33e1e3e6c68409acb0ec04ac | Triage

Sharing

General

Target

f77e7bd43f365593014469cf644ced65_JaffaCakes118
Size

352KB
Sample

240926-ebhp9syerh
MD5

f77e7bd43f365593014469cf644ced65
SHA1

66692ff392d5844b8bc362cb8a2640927cea6fbf
SHA256

56a0cec492d2f8d68f8c9c5f54a9c9407f352e3b33e1e3e6c68409acb0ec04ac
SHA512

69b6a5fc7b42f714167b39a4b38ed98a95af44a41ba76129f0a43341c459d148d674751f839a8442a1073268e9de88deec9a2cd7bf9eadb46dd63a847a64a885
SSDEEP

6144:g87Sm49lFRQSAe5klIQm3n/ym1grjpY7nf9Bv3lYdkv+hgG2gnG4V/gU:Im+3QSAdm3n/yogZgbv3Gqv0gG2gG4lv

Score

10^/10

gozi 1100 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1100

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250180
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  f77e7bd43f365593014469cf644ced65_JaffaCakes118
- Size
  
  352KB
- MD5
  
  f77e7bd43f365593014469cf644ced65
- SHA1
  
  66692ff392d5844b8bc362cb8a2640927cea6fbf
- SHA256
  
  56a0cec492d2f8d68f8c9c5f54a9c9407f352e3b33e1e3e6c68409acb0ec04ac
- SHA512
  
  69b6a5fc7b42f714167b39a4b38ed98a95af44a41ba76129f0a43341c459d148d674751f839a8442a1073268e9de88deec9a2cd7bf9eadb46dd63a847a64a885
- SSDEEP
  
  6144:g87Sm49lFRQSAe5klIQm3n/ym1grjpY7nf9Bv3lYdkv+hgG2gnG4V/gU:Im+3QSAdm3n/yogZgbv3Gqv0gG2gG4lv
Score

10^/10

gozi 1100 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi1100bankerdiscoveryisfbtrojan

behavioral2

gozi1100bankerdiscoveryisfbtrojan