gozi | d8c3dcce296dcea34db1f0025b9a6380ac4a52eb86d160921182eca02c69efc1 | Triage

Sharing

General

Target

d8c3dcce296dcea34db1f0025b9a6380ac4a52eb86d160921182eca02c69efc1
Size

626KB
Sample

241221-thwyssslhx
MD5

caed4585a03bea2fa13bf491c28de7fb
SHA1

a1343c2183f42568991c626e5e7900e74940a1c0
SHA256

d8c3dcce296dcea34db1f0025b9a6380ac4a52eb86d160921182eca02c69efc1
SHA512

4f867c78ed60d6633a3ebc2ccb9c1b0cc7147835b248f11f62cafb3b6bdfc24176d21775355bae8c49bc39720d4ec47fd69ed34742bc7507cce57f8f26f84ee6
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZE:+w1lEKOpuYxiwkkgjAN8ZE

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d8c3dcce296dcea34db1f0025b9a6380ac4a52eb86d160921182eca02c69efc1
- Size
  
  626KB
- MD5
  
  caed4585a03bea2fa13bf491c28de7fb
- SHA1
  
  a1343c2183f42568991c626e5e7900e74940a1c0
- SHA256
  
  d8c3dcce296dcea34db1f0025b9a6380ac4a52eb86d160921182eca02c69efc1
- SHA512
  
  4f867c78ed60d6633a3ebc2ccb9c1b0cc7147835b248f11f62cafb3b6bdfc24176d21775355bae8c49bc39720d4ec47fd69ed34742bc7507cce57f8f26f84ee6
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZE:+w1lEKOpuYxiwkkgjAN8ZE
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan