gozi | b978fa291ad220dba1c78549c560d9f14ebe1140d6547916fc47c235c535236d | Triage

Sharing

General

Target

ca07dc42e0c3130ee1626672b5ca850e_JaffaCakes118
Size

350KB
Sample

241206-aalnbavphq
MD5

ca07dc42e0c3130ee1626672b5ca850e
SHA1

c3b6264a04fb4c639830d543eafd37ab974dbda0
SHA256

b978fa291ad220dba1c78549c560d9f14ebe1140d6547916fc47c235c535236d
SHA512

c652a01dd074b6469e4b47bc778993a054d5e9aff568a527da7b04356164b5c6f3ef459db63d9c94eec7b3145b54f028ad98587a2d7ea132326632f403d37fda
SSDEEP

6144:RukiCIXQRFUPRLLHpsn4kA4JMWmaF0oc:R0vXqFMFHps4k1euz

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
217039

Targets

- Target
  
  ca07dc42e0c3130ee1626672b5ca850e_JaffaCakes118
- Size
  
  350KB
- MD5
  
  ca07dc42e0c3130ee1626672b5ca850e
- SHA1
  
  c3b6264a04fb4c639830d543eafd37ab974dbda0
- SHA256
  
  b978fa291ad220dba1c78549c560d9f14ebe1140d6547916fc47c235c535236d
- SHA512
  
  c652a01dd074b6469e4b47bc778993a054d5e9aff568a527da7b04356164b5c6f3ef459db63d9c94eec7b3145b54f028ad98587a2d7ea132326632f403d37fda
- SSDEEP
  
  6144:RukiCIXQRFUPRLLHpsn4kA4JMWmaF0oc:R0vXqFMFHps4k1euz
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan