gozi

General

Target

97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43
Size

6.7MB
Sample

241110-wwx45asbmn
MD5

a6bd4c5a37eb3887e51f8f214c6efc65
SHA1

42e4d8480d0e94551e9fc55ffb709f1a33f1267b
SHA256

97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43
SHA512

5a8bb85577a2cc4940ee67098300e388155e23128e579622f4e21350ee118e2d6fee2cc9bea2673a7667067ea0bbbfe75417c2400146fbbfd0cd041cbdc809d0
SSDEEP

196608:fxy0LingvGFgJVc1uMfydAMGPsK/oKFIRRCBbZKlYO7mOU:frungvGizcfbsKgKFIRY1ZAYOi1

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

20005

C2

trackingg-protectioon.cdn4.mozilla.net

80.77.23.77

80.77.25.109

protectioon.cdn4.mozilla.net

170.130.165.182

80.77.25.114

Attributes

base_path
/fonts/
build
250250
exe_type
loader
extension
.bak
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  Zeip.dll
- Size
  
  592KB
- MD5
  
  85fa54c2a97ad3a1f8bd64af62450511
- SHA1
  
  db92c0a81e8b27d222607e093ccc9d00485db119
- SHA256
  
  e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35
- SHA512
  
  6c6faba5f566e3c383d676c736319a7a70138070b0d9771727a1c7756718a4add05db8a7c3a5b038b9269a0ecb14434872516912faea8e2479729a192f9a4b4b
- SSDEEP
  
  12288:cysmuJC4fktsdyjJGL44Clz8JwsWydYo9NRl:cT7IoyjXTKdlnz
Score

10^/10

gozi 20005 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Zeip.exe.bin
- Size
  
  7.9MB
- MD5
  
  f64fe8dfd90501283aec92267e9642a6
- SHA1
  
  561da958d0e9ca193b2eb61db44e9b5a0c68c1e2
- SHA256
  
  c38748c8e758f54ed5628d730e12ddb7b7aa39511d431d35cf2d5ad1341ed946
- SHA512
  
  e3893a453d98871d839098cd12be6cc13acc263f17d485e5b407ddb5dd11641f7979856a45476051157b316cb62316f599b5cf62c64b4699b2304610cddcdb79
- SSDEEP
  
  98304:nDNc0+5OWM2nAR0ORuRxZ0pontIy5DY0LCMabONiosAvuBQGKyTiD:nDi0K/A0OgRH0pon7PRabNosPBQXyy
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4