gozi | 3a47ced8750d0151513ce5e28874274d5bcf7b2d81ca5872f8ea5cbd510681f8 | Triage

Submit
Reports

Overview

overview

Static

static

1

I5w0SN.html

windows10-2004-x64

Sharing

General

Target

I5w0SN
Size

504B
Sample

240927-yl145swgkp
MD5

46bacc095e419a61d8594200d6fa96e5
SHA1

2128d5085054537e0a1d449e61ce7839ba10bfb8
SHA256

3a47ced8750d0151513ce5e28874274d5bcf7b2d81ca5872f8ea5cbd510681f8
SHA512

2e3d94f03577895f423d6afe0718dc9e6b1a17617fcc02fd1299975f8d3ae25288fb9920e8ed8e7f2cc5468795c019454d743558c1819d8c1d2ed2678351c3e5

Score

10^/10

gozi banker discovery isfb trojan

Static task

static1

Behavioral task

behavioral1

Sample

I5w0SN.html

Resource

win10v2004-20240802-en

gozi banker discovery isfb trojan

windows10-2004-x64

14 signatures

600 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  I5w0SN
- Size
  
  504B
- MD5
  
  46bacc095e419a61d8594200d6fa96e5
- SHA1
  
  2128d5085054537e0a1d449e61ce7839ba10bfb8
- SHA256
  
  3a47ced8750d0151513ce5e28874274d5bcf7b2d81ca5872f8ea5cbd510681f8
- SHA512
  
  2e3d94f03577895f423d6afe0718dc9e6b1a17617fcc02fd1299975f8d3ae25288fb9920e8ed8e7f2cc5468795c019454d743558c1819d8c1d2ed2678351c3e5
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

© 2018-2025

Terms | Privacy