gozi | 5d8370dfb0a2a65fef70829a2124a7be46885e65f212d7dd985629d1de99e2c8 | Triage

Sharing

General

Target

5d8370dfb0a2a65fef70829a2124a7be46885e65f212d7dd985629d1de99e2c8
Size

1.7MB
Sample

241220-zqxg7atrhp
MD5

ddbe5f1c49abd18bd6382a745912c399
SHA1

378d83c64517a49658951c5b4e2f571d92f92692
SHA256

5d8370dfb0a2a65fef70829a2124a7be46885e65f212d7dd985629d1de99e2c8
SHA512

deeedc7c5b64785490fbf603cb91a2b9643ab0dfff9ab6314d9b6bba8e8e41a720b196658603421e2c72ec566d8a6b36dcdbb8dd1d5d0b689bc868373eaab9ac
SSDEEP

49152:lsskClXSMDbQmlu5z8RlA6yTizYG9Py+qcuQms33CHlXSMDbQmlu5z8R:lsskClXeIAxizYSy+qRlXe

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  5d8370dfb0a2a65fef70829a2124a7be46885e65f212d7dd985629d1de99e2c8
- Size
  
  1.7MB
- MD5
  
  ddbe5f1c49abd18bd6382a745912c399
- SHA1
  
  378d83c64517a49658951c5b4e2f571d92f92692
- SHA256
  
  5d8370dfb0a2a65fef70829a2124a7be46885e65f212d7dd985629d1de99e2c8
- SHA512
  
  deeedc7c5b64785490fbf603cb91a2b9643ab0dfff9ab6314d9b6bba8e8e41a720b196658603421e2c72ec566d8a6b36dcdbb8dd1d5d0b689bc868373eaab9ac
- SSDEEP
  
  49152:lsskClXSMDbQmlu5z8RlA6yTizYG9Py+qcuQms33CHlXSMDbQmlu5z8R:lsskClXeIAxizYSy+qRlXe
Score

10^/10

gozi banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan