gozi | 0331e91d94af0b232824f1bc5d5df8a0685530ac7dc5e63190222ae201b4c7cc | Triage

Sharing

General

Target

0331e91d94af0b232824f1bc5d5df8a0685530ac7dc5e63190222ae201b4c7ccN.exe
Size

304KB
Sample

241220-cftxzsxjbp
MD5

dc30ca6dc689b086b53b1b0758d53f40
SHA1

634a3757d3e9a00c3484537c8335ebffcdf942a8
SHA256

0331e91d94af0b232824f1bc5d5df8a0685530ac7dc5e63190222ae201b4c7cc
SHA512

68eaf041cc0584c1226ca3a69753056577fe438778d677ea09c608bd77be71b31f9b16164dec804f23c7687dba960f6c069e7cccf890d5f06973a273723476fc
SSDEEP

6144:u/806jJmAnCyoHOlq/QMA5pzJhgFOAAnMCUm1t79NSuxD:u/806jJmQ6Dkfhcs7h

Score

10^/10

gozi 3364 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214082

Extracted

Family

gozi

Botnet

3364

C2

cio12y21e99.top

pp70guy53kevin.top

pjr82milford.xyz

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  0331e91d94af0b232824f1bc5d5df8a0685530ac7dc5e63190222ae201b4c7ccN.exe
- Size
  
  304KB
- MD5
  
  dc30ca6dc689b086b53b1b0758d53f40
- SHA1
  
  634a3757d3e9a00c3484537c8335ebffcdf942a8
- SHA256
  
  0331e91d94af0b232824f1bc5d5df8a0685530ac7dc5e63190222ae201b4c7cc
- SHA512
  
  68eaf041cc0584c1226ca3a69753056577fe438778d677ea09c608bd77be71b31f9b16164dec804f23c7687dba960f6c069e7cccf890d5f06973a273723476fc
- SSDEEP
  
  6144:u/806jJmAnCyoHOlq/QMA5pzJhgFOAAnMCUm1t79NSuxD:u/806jJmQ6Dkfhcs7h
Score

10^/10

gozi 3364 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3364bankerdiscoveryisfbtrojan

behavioral2

gozi3364bankerdiscoveryisfbtrojan