gozi

General

Target

d21fc7e4912436c536c1bf752cf01910_JaffaCakes118
Size

269KB
Sample

241207-m5rt2avqap
MD5

d21fc7e4912436c536c1bf752cf01910
SHA1

48d3c0d50a40d301352ff594dec7f66e8e4653ad
SHA256

5397ebcc73c4862206f10ba289543d745a051b1ec2331d81d36beaf5c5757a7a
SHA512

f46074f31775c9c044d4d7bb363ae29ef1f743a777c30733757545d9fed56a6f0ad157a18d939a457f339732259c5527b5fdfc66a5509ded9086a667ae0d0301
SSDEEP

6144:/qdA+91vlJiVFsi8mC/xoiOlb+XYhR3nAw2bRpRqbY:CdJjvlJ6bLC/KbsYGbRubY

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1015

C2

caibmqujcohnvtjrop.net

lgeywijneyke.us

puqcgfwgmftravot.com

itnnuubvifmaintg.com

rtsnysrusdtbh.net

Attributes

exe_type
worker
server_id
8

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d21fc7e4912436c536c1bf752cf01910_JaffaCakes118
- Size
  
  269KB
- MD5
  
  d21fc7e4912436c536c1bf752cf01910
- SHA1
  
  48d3c0d50a40d301352ff594dec7f66e8e4653ad
- SHA256
  
  5397ebcc73c4862206f10ba289543d745a051b1ec2331d81d36beaf5c5757a7a
- SHA512
  
  f46074f31775c9c044d4d7bb363ae29ef1f743a777c30733757545d9fed56a6f0ad157a18d939a457f339732259c5527b5fdfc66a5509ded9086a667ae0d0301
- SSDEEP
  
  6144:/qdA+91vlJiVFsi8mC/xoiOlb+XYhR3nAw2bRpRqbY:CdJjvlJ6bLC/KbsYGbRubY
Score

10^/10

gozi 1015 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2