gozi

General

Target

bb6d954cff5dffe6c192e6a0afbc2700_JaffaCakes118
Size

332KB
Sample

241203-dh2w2sspal
MD5

bb6d954cff5dffe6c192e6a0afbc2700
SHA1

03fa0ed4520a290623c6133f55ae4b47d6bd6088
SHA256

42c628377c5d6c65a92eceac5318956cba74b57ac1db74b53f1b8ee78fdb930d
SHA512

68e3700a9fc95dfc1db68ebcc7d98613dc4eb4d7ee9c4ccac300d7d488624803aca4bf52f794910770224f9b6f1fa6108c57e52376fe32be2b4bd613e951ccc3
SSDEEP

6144:dxRpCwVKtopdURFJYwZYtuqMOISti9gSZRnuEN/F825TGc2ATMtGiZ:dEw5pdURFJYiq7ISA9gusfAoL

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3004

C2

volaya.ru

mankiza.ru

blog.click-catalog.ru

news.new-webs.ru

new-run.cc

new-run.pk

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  bb6d954cff5dffe6c192e6a0afbc2700_JaffaCakes118
- Size
  
  332KB
- MD5
  
  bb6d954cff5dffe6c192e6a0afbc2700
- SHA1
  
  03fa0ed4520a290623c6133f55ae4b47d6bd6088
- SHA256
  
  42c628377c5d6c65a92eceac5318956cba74b57ac1db74b53f1b8ee78fdb930d
- SHA512
  
  68e3700a9fc95dfc1db68ebcc7d98613dc4eb4d7ee9c4ccac300d7d488624803aca4bf52f794910770224f9b6f1fa6108c57e52376fe32be2b4bd613e951ccc3
- SSDEEP
  
  6144:dxRpCwVKtopdURFJYwZYtuqMOISti9gSZRnuEN/F825TGc2ATMtGiZ:dEw5pdURFJYiq7ISA9gusfAoL
Score

10^/10

gozi 3004 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2