gozi | 20a8c4cdda2527f476866105f8f12855198d63d90d18e8b843fc3cacaa6ab1ab | Triage

Sharing

General

Target

20a8c4cdda2527f476866105f8f12855198d63d90d18e8b843fc3cacaa6ab1ab
Size

624KB
Sample

241221-t68x9stjcy
MD5

398700635413409a344af99a81092ef1
SHA1

1552f915cdde2adf172bee4cbcc3417262ad0f9c
SHA256

20a8c4cdda2527f476866105f8f12855198d63d90d18e8b843fc3cacaa6ab1ab
SHA512

ae689e89cf7d6ae939e1d06c1d032a35dd5d1bcde05bd5da13e48a28876b3627a75e19ab4b08e35090238bfdb59ad9677517821168f6c6bf275caed719392ad2
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zs:+w1lEKOpuYxiwkkgjAN8Zs

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  20a8c4cdda2527f476866105f8f12855198d63d90d18e8b843fc3cacaa6ab1ab
- Size
  
  624KB
- MD5
  
  398700635413409a344af99a81092ef1
- SHA1
  
  1552f915cdde2adf172bee4cbcc3417262ad0f9c
- SHA256
  
  20a8c4cdda2527f476866105f8f12855198d63d90d18e8b843fc3cacaa6ab1ab
- SHA512
  
  ae689e89cf7d6ae939e1d06c1d032a35dd5d1bcde05bd5da13e48a28876b3627a75e19ab4b08e35090238bfdb59ad9677517821168f6c6bf275caed719392ad2
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zs:+w1lEKOpuYxiwkkgjAN8Zs
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan