gozi | 9996301b010545113c353ef89b7d70c1e44a1dd92ee7a1bd6c511063d094021f | Triage

Sharing

General

Target

ce42c431b4edbcd2342e6646d73833fc_JaffaCakes118
Size

316KB
Sample

241206-wdd9aszja1
MD5

ce42c431b4edbcd2342e6646d73833fc
SHA1

09122b446ab1fccd898ab5f883af3fb10254de02
SHA256

9996301b010545113c353ef89b7d70c1e44a1dd92ee7a1bd6c511063d094021f
SHA512

8989e2f7868861b740b061f74da0e96627adec952799c69bf581895d84f229bd45113a3c9e8bf6b75b01f96094622d82a36c138273f1e2c398360c1a76aa877e
SSDEEP

6144:3irEB8mFR75JxV0HbCwAOjEGdc9Wsn2/3N/hHc0g7goBVF1Yxb:3irEBXjFl0HbCWjEGEWQa9/hHc0oRM

Score

10^/10

gozi 1002 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1002

C2

vundaba.com

matashka.ru

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  ce42c431b4edbcd2342e6646d73833fc_JaffaCakes118
- Size
  
  316KB
- MD5
  
  ce42c431b4edbcd2342e6646d73833fc
- SHA1
  
  09122b446ab1fccd898ab5f883af3fb10254de02
- SHA256
  
  9996301b010545113c353ef89b7d70c1e44a1dd92ee7a1bd6c511063d094021f
- SHA512
  
  8989e2f7868861b740b061f74da0e96627adec952799c69bf581895d84f229bd45113a3c9e8bf6b75b01f96094622d82a36c138273f1e2c398360c1a76aa877e
- SSDEEP
  
  6144:3irEB8mFR75JxV0HbCwAOjEGdc9Wsn2/3N/hHc0g7goBVF1Yxb:3irEBXjFl0HbCWjEGEWQa9/hHc0oRM
Score

10^/10

gozi 1002 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi1002bankerdiscoveryisfbtrojan

behavioral2

gozi1002bankerdiscoveryisfbtrojan