gozi | 0e563e890e7398fe032bdf8686e73c8c097031f930667e3f57047ea7781d5025 | Triage

Sharing

General

Target

8bb9d7a10608c21d011bd3bda99c1d3f_JaffaCakes118
Size

664KB
Sample

241103-qsbh3avfrc
MD5

8bb9d7a10608c21d011bd3bda99c1d3f
SHA1

6dade36ff1da38ef85afd65d530777579ca8830c
SHA256

0e563e890e7398fe032bdf8686e73c8c097031f930667e3f57047ea7781d5025
SHA512

85e62500929a9e8c6a6b138a72cff0136e6f23f3a94c871548f23f8318056f476598101aefa7efc95bf6d59cc5e25d44b7dc611f419850c1dc3fd61b8253fd97
SSDEEP

12288:QZlDohwte5qkbt4KA/1kVLdh9LEW4UWDVfMUMqnixQFkRpJm+:QkhwtubtfGOVBh9d4bEUMqba/m+

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  8bb9d7a10608c21d011bd3bda99c1d3f_JaffaCakes118
- Size
  
  664KB
- MD5
  
  8bb9d7a10608c21d011bd3bda99c1d3f
- SHA1
  
  6dade36ff1da38ef85afd65d530777579ca8830c
- SHA256
  
  0e563e890e7398fe032bdf8686e73c8c097031f930667e3f57047ea7781d5025
- SHA512
  
  85e62500929a9e8c6a6b138a72cff0136e6f23f3a94c871548f23f8318056f476598101aefa7efc95bf6d59cc5e25d44b7dc611f419850c1dc3fd61b8253fd97
- SSDEEP
  
  12288:QZlDohwte5qkbt4KA/1kVLdh9LEW4UWDVfMUMqnixQFkRpJm+:QkhwtubtfGOVBh9d4bEUMqba/m+
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan