gozi | 488f966b4411522afed6ad257b580bcbfd709e884c94f44ac3f839fda18010f5 | Triage

Sharing

General

Target

488f966b4411522afed6ad257b580bcbfd709e884c94f44ac3f839fda18010f5
Size

624KB
Sample

241221-tnmbjsspdm
MD5

a0cecdda77622605abd71a614c2cb103
SHA1

bb956281267d216f0d52dc5bdc13fbb92416404d
SHA256

488f966b4411522afed6ad257b580bcbfd709e884c94f44ac3f839fda18010f5
SHA512

11909c200f4edeaa3017a1a684e9e882e4fa2ad1a78d8b19ee221c705002595947f37683089eadd0526443b340a2a79b033224397006c2157234b3c6622d921c
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZJ:+w1lEKOpuYxiwkkgjAN8ZJ

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  488f966b4411522afed6ad257b580bcbfd709e884c94f44ac3f839fda18010f5
- Size
  
  624KB
- MD5
  
  a0cecdda77622605abd71a614c2cb103
- SHA1
  
  bb956281267d216f0d52dc5bdc13fbb92416404d
- SHA256
  
  488f966b4411522afed6ad257b580bcbfd709e884c94f44ac3f839fda18010f5
- SHA512
  
  11909c200f4edeaa3017a1a684e9e882e4fa2ad1a78d8b19ee221c705002595947f37683089eadd0526443b340a2a79b033224397006c2157234b3c6622d921c
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZJ:+w1lEKOpuYxiwkkgjAN8ZJ
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan