gozi | 04adbf662609cb23bc2755d7722b1c5744bb584f2ad5a88bb6765f4a463b5e74 | Triage

Sharing

General

Target

2024-12-19_483ad2c6fe1798d8bbb770eb0d78f28c_mafia
Size

1.7MB
Sample

241219-vb3nfawpcm
MD5

483ad2c6fe1798d8bbb770eb0d78f28c
SHA1

b3b35791a302e1cff4ced4d5c74e0feb3eb8cc75
SHA256

04adbf662609cb23bc2755d7722b1c5744bb584f2ad5a88bb6765f4a463b5e74
SHA512

48e280525b1fe4415c00d853e5bc4897d311b17cba0cc693f9db13512cc70a8d5ee7ec03bff3a81b1eb5c436ea03994ffa1d0cec64102368c9f22ad0dafade63
SSDEEP

49152:NInYk6iqhMlTavrBrvw4Ybgch5OHLY97E4szBydQZp4DEFIWegU6:eYThMwv904YbHh5OHLY97E4MTZpcEFIB

Score

10^/10

gozi 3334 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Botnet

3334

C2

rueu5334.info

vuypto28.club

ga6jhf.info

Attributes

build
214080
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2024-12-19_483ad2c6fe1798d8bbb770eb0d78f28c_mafia
- Size
  
  1.7MB
- MD5
  
  483ad2c6fe1798d8bbb770eb0d78f28c
- SHA1
  
  b3b35791a302e1cff4ced4d5c74e0feb3eb8cc75
- SHA256
  
  04adbf662609cb23bc2755d7722b1c5744bb584f2ad5a88bb6765f4a463b5e74
- SHA512
  
  48e280525b1fe4415c00d853e5bc4897d311b17cba0cc693f9db13512cc70a8d5ee7ec03bff3a81b1eb5c436ea03994ffa1d0cec64102368c9f22ad0dafade63
- SSDEEP
  
  49152:NInYk6iqhMlTavrBrvw4Ybgch5OHLY97E4szBydQZp4DEFIWegU6:eYThMwv904YbHh5OHLY97E4MTZpcEFIB
Score

10^/10

gozi 3334 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3334bankerdiscoveryisfbtrojan

behavioral2

gozi3334bankerdiscoveryisfbtrojan