gozi | 90ca8803a7d5fc0616f08e9c64209148c6b8b23e39bfe5dd5e6254283d9708a6 | Triage

Sharing

General

Target

HPCommRecovery.zip
Size

1.6MB
Sample

241013-lpen4azdng
MD5

e961abdcb3b325955eb3e285dbdb8912
SHA1

467a1cff82a81cc918e13dd3a9c1c2254a8b63e8
SHA256

90ca8803a7d5fc0616f08e9c64209148c6b8b23e39bfe5dd5e6254283d9708a6
SHA512

8aab747740a6031f1d49e2b306d4fe7b6020388a6e28c7ee28f60c9dd11eea411674c681ceb699147d70b2b0f974f8099fbf402356fe5e160bdc0a59fda0ec85
SSDEEP

24576:H48nWRqPLx7dUFgT7vcVx2VL+DIlqOj0SzsmrMwszB7TPWCBhmPZJAaczMSZNybO:LWQlWFgT72QVL+8XjhLsJOCuJ0nQ98

Score

10^/10

gozi banker isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  HPCommRecovery.zip
- Size
  
  1.6MB
- MD5
  
  e961abdcb3b325955eb3e285dbdb8912
- SHA1
  
  467a1cff82a81cc918e13dd3a9c1c2254a8b63e8
- SHA256
  
  90ca8803a7d5fc0616f08e9c64209148c6b8b23e39bfe5dd5e6254283d9708a6
- SHA512
  
  8aab747740a6031f1d49e2b306d4fe7b6020388a6e28c7ee28f60c9dd11eea411674c681ceb699147d70b2b0f974f8099fbf402356fe5e160bdc0a59fda0ec85
- SSDEEP
  
  24576:H48nWRqPLx7dUFgT7vcVx2VL+DIlqOj0SzsmrMwszB7TPWCBhmPZJAaczMSZNybO:LWQlWFgT72QVL+8XjhLsJOCuJ0nQ98
Score

10^/10

gozi banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerisfbtrojan