gozi

General

Target

fca68745a7b3b5b9bdfe49b9e02a11ae_JaffaCakes118
Size

547KB
Sample

240928-tgf6ystgpn
MD5

fca68745a7b3b5b9bdfe49b9e02a11ae
SHA1

73e2439cb751b078cc63d29b096141285fc9f9a0
SHA256

95018fef89b70c0c85453ff907861a0cc0763fa038c392a3f8176b98fc414366
SHA512

f08dc2370330ddaf8c90b99ad0659d8fb0da9ea3507a82ead441fc3ecb12225727d09815080f6a5882f35fe705257dad9048ce4ff87c201a0ffedbd76ca0714e
SSDEEP

6144:uVJt7IsATy65KJZnF/gYdpOLw9F/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm87tKO6asJIgJt

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214062

Extracted

Family

gozi

Botnet

3187

C2

qrodericky94.company

g77yelsao.company

tromainevirginia.email

Attributes

build
214062
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  fca68745a7b3b5b9bdfe49b9e02a11ae_JaffaCakes118
- Size
  
  547KB
- MD5
  
  fca68745a7b3b5b9bdfe49b9e02a11ae
- SHA1
  
  73e2439cb751b078cc63d29b096141285fc9f9a0
- SHA256
  
  95018fef89b70c0c85453ff907861a0cc0763fa038c392a3f8176b98fc414366
- SHA512
  
  f08dc2370330ddaf8c90b99ad0659d8fb0da9ea3507a82ead441fc3ecb12225727d09815080f6a5882f35fe705257dad9048ce4ff87c201a0ffedbd76ca0714e
- SSDEEP
  
  6144:uVJt7IsATy65KJZnF/gYdpOLw9F/lauaS7tsPUF18avHUwAIgJ+ke:uFTM5utF/tdpm87tKO6asJIgJt
Score

10^/10

gozi 3187 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2