gozi | ce73698cef9348fb1b6e1ef41859fd5c385fb8680421866564bcfbb3c991dc54 | Triage

Sharing

General

Target

ce73698cef9348fb1b6e1ef41859fd5c385fb8680421866564bcfbb3c991dc54
Size

624KB
Sample

241221-tr5bjasnhx
MD5

83f2b88015476498a01692651af22ff9
SHA1

66f6d8714c0c974c632b441387eecaac4a6e8274
SHA256

ce73698cef9348fb1b6e1ef41859fd5c385fb8680421866564bcfbb3c991dc54
SHA512

2b869d71ed7885d11883378be362dc027f667f90f5c5d889c8525f2f45fdc34543631f79459267d714d6ff974dc8385f48d7b3499cf24d196c4314eb28a33291
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z5:+w1lEKOpuYxiwkkgjAN8Z5

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  ce73698cef9348fb1b6e1ef41859fd5c385fb8680421866564bcfbb3c991dc54
- Size
  
  624KB
- MD5
  
  83f2b88015476498a01692651af22ff9
- SHA1
  
  66f6d8714c0c974c632b441387eecaac4a6e8274
- SHA256
  
  ce73698cef9348fb1b6e1ef41859fd5c385fb8680421866564bcfbb3c991dc54
- SHA512
  
  2b869d71ed7885d11883378be362dc027f667f90f5c5d889c8525f2f45fdc34543631f79459267d714d6ff974dc8385f48d7b3499cf24d196c4314eb28a33291
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Z5:+w1lEKOpuYxiwkkgjAN8Z5
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan