gozi | e1ad3fe6d1a7efa2dd27f32d78abf43f6adb0d27e00044168db258d95e1ef4d4 | Triage

Sharing

General

Target

e1ad3fe6d1a7efa2dd27f32d78abf43f6adb0d27e00044168db258d95e1ef4d4
Size

937KB
Sample

241221-v24cnatrg1
MD5

9a8457b3a9c9d71e11ab219de1c8d503
SHA1

04a43d7bbb61082d832be616de6728b54619a26d
SHA256

e1ad3fe6d1a7efa2dd27f32d78abf43f6adb0d27e00044168db258d95e1ef4d4
SHA512

572bf667f4b611d74e43965295f316bf11e7bbe955f572a6105055d7dc88456ac78c3924b7410b5507f77eb9a30283622a45d719a8cacfa41a83477f6de34d63
SSDEEP

24576:HQfpzjXPgft8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgBJV4OaIRj150CpNiLi

Score

10^/10

gozi 4500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  e1ad3fe6d1a7efa2dd27f32d78abf43f6adb0d27e00044168db258d95e1ef4d4
- Size
  
  937KB
- MD5
  
  9a8457b3a9c9d71e11ab219de1c8d503
- SHA1
  
  04a43d7bbb61082d832be616de6728b54619a26d
- SHA256
  
  e1ad3fe6d1a7efa2dd27f32d78abf43f6adb0d27e00044168db258d95e1ef4d4
- SHA512
  
  572bf667f4b611d74e43965295f316bf11e7bbe955f572a6105055d7dc88456ac78c3924b7410b5507f77eb9a30283622a45d719a8cacfa41a83477f6de34d63
- SSDEEP
  
  24576:HQfpzjXPgft8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgBJV4OaIRj150CpNiLi
Score

10^/10

gozi 4500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi4500bankerdiscoveryisfbtrojan

behavioral2

gozi4500bankerdiscoveryisfbtrojan