gozi | 4d16ed467ab93c8624822875bd7d3fd2e1ab2906df85b03a6c958c4bea22ea99 | Triage

Sharing

General

Target

9314842889f35307d890578de62a1589_JaffaCakes118
Size

249KB
Sample

241124-hea2davjcq
MD5

9314842889f35307d890578de62a1589
SHA1

30cf8a675b468e664260968a351cdb32688140b0
SHA256

4d16ed467ab93c8624822875bd7d3fd2e1ab2906df85b03a6c958c4bea22ea99
SHA512

397d652493121b30039ae1c71e05dc785544610ff093f67b5a86f8e2970048d0b215ec16a8fb82f323252e65fe480bd3380c717e544bb7f3bc6226614d7f5c50
SSDEEP

6144:Mxst8BlHWkWTEZn7FSkgGflN9ODFPV+65js4yTxM:dGBlNW0w0fT9SFPV+65A4mM

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  9314842889f35307d890578de62a1589_JaffaCakes118
- Size
  
  249KB
- MD5
  
  9314842889f35307d890578de62a1589
- SHA1
  
  30cf8a675b468e664260968a351cdb32688140b0
- SHA256
  
  4d16ed467ab93c8624822875bd7d3fd2e1ab2906df85b03a6c958c4bea22ea99
- SHA512
  
  397d652493121b30039ae1c71e05dc785544610ff093f67b5a86f8e2970048d0b215ec16a8fb82f323252e65fe480bd3380c717e544bb7f3bc6226614d7f5c50
- SSDEEP
  
  6144:Mxst8BlHWkWTEZn7FSkgGflN9ODFPV+65js4yTxM:dGBlNW0w0fT9SFPV+65A4mM
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan