gozi | 05935ee9760698045cb5837a94b2b7daa8d9c7597e79762d7b416934220e645a | Triage

Sharing

General

Target

2024-12-20_267d5a79fb93bde0016dd98d12710ea9_karagany_mafia
Size

240KB
Sample

241220-nwnxfsvqfv
MD5

267d5a79fb93bde0016dd98d12710ea9
SHA1

86d3c97fdb593c2eecb64f3c2903b4967c19c477
SHA256

05935ee9760698045cb5837a94b2b7daa8d9c7597e79762d7b416934220e645a
SHA512

4f9b17703e920ef34fde93592ec3ae29700ea48fcd233b82d94999cf9bd92416aeda7c4c6ac1d1fd3f15b65b5bf0449cface22a897de6dd6b718bf866a3542a6
SSDEEP

6144:wApIgymzhBtzYvHpLhlxmTY2ErZqXW1PpbB2C:lpIg/tBtYvHpfxmTYRrZ+Wfo

Score

10^/10

gozi 3345 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Attributes

build
214082

Extracted

Family

gozi

Botnet

3345

C2

mjoan95bn.info

hsh55eyo77serenity.xyz

s5025bt.com

Attributes

build
214082
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2024-12-20_267d5a79fb93bde0016dd98d12710ea9_karagany_mafia
- Size
  
  240KB
- MD5
  
  267d5a79fb93bde0016dd98d12710ea9
- SHA1
  
  86d3c97fdb593c2eecb64f3c2903b4967c19c477
- SHA256
  
  05935ee9760698045cb5837a94b2b7daa8d9c7597e79762d7b416934220e645a
- SHA512
  
  4f9b17703e920ef34fde93592ec3ae29700ea48fcd233b82d94999cf9bd92416aeda7c4c6ac1d1fd3f15b65b5bf0449cface22a897de6dd6b718bf866a3542a6
- SSDEEP
  
  6144:wApIgymzhBtzYvHpLhlxmTY2ErZqXW1PpbB2C:lpIg/tBtYvHpfxmTYRrZ+Wfo
Score

10^/10

gozi banker isfb trojan 3345 discovery
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerisfbtrojan

behavioral2

gozi3345bankerdiscoveryisfbtrojan