gozi | 5cb9d7744b561570a529f2820f392dad98aa52c4dfd9ebe771a6381636fe8cae | Triage

Sharing

General

Target

eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118
Size

467KB
Sample

241214-p5t1hatrbp
MD5

eedc6ece437f7a34abf793dc9400ae76
SHA1

2e3e6f6faf8a9661ba46908a903da08a4126044b
SHA256

5cb9d7744b561570a529f2820f392dad98aa52c4dfd9ebe771a6381636fe8cae
SHA512

b3356777df19cabc9070682c3be2fdfbd93cd902136dfe829698fa9fa86cb495fb9732c27c42aa6510bd79ecc449e16ba0758d2727a1a877cbe99bb3c5173e0e
SSDEEP

6144:2DOcDOxAYNKc6oerYWfIZZVxYeOaUowKkxgkEfEUbfxCh0fO/W/cvd5nQH3lFCCs:2OcDOxAQKc4YWKe/7mvCh0CRvdP

Score

10^/10

gozi 3001 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3001

C2

return901.ru

ferresita.ru

tmp1.super-list.ru

net7.dns9free.ru

new-recv.org.kz

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  eedc6ece437f7a34abf793dc9400ae76_JaffaCakes118
- Size
  
  467KB
- MD5
  
  eedc6ece437f7a34abf793dc9400ae76
- SHA1
  
  2e3e6f6faf8a9661ba46908a903da08a4126044b
- SHA256
  
  5cb9d7744b561570a529f2820f392dad98aa52c4dfd9ebe771a6381636fe8cae
- SHA512
  
  b3356777df19cabc9070682c3be2fdfbd93cd902136dfe829698fa9fa86cb495fb9732c27c42aa6510bd79ecc449e16ba0758d2727a1a877cbe99bb3c5173e0e
- SSDEEP
  
  6144:2DOcDOxAYNKc6oerYWfIZZVxYeOaUowKkxgkEfEUbfxCh0fO/W/cvd5nQH3lFCCs:2OcDOxAQKc4YWKe/7mvCh0CRvdP
Score

10^/10

gozi 3001 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3001bankerdiscoveryisfbtrojan

behavioral2

gozi3001bankerdiscoveryisfbtrojan