gozi

Sharing

Copy URL

Twitter E-mail

General

Target

d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79
Size

1.9MB
Sample

241221-v5xz2svler
MD5

a2551d50157208ea0b81399b8b44d46e
SHA1

1f8b218fee39e7fb61be18325279fead0699d2f7
SHA256

d8f3fedde975e393530b694eee1ef9c981b48bc46b4e24749c20189a6fa58e79
SHA512

3657a1dde617a65f3a25a1b363512b33aa4c3fb953cdbe93a29bfa9155fb9d8ac64f717a608b7883e8e5f6aeb78740ba8b934defc5561acc89d51265c3e71a20
SSDEEP

49152:5r+vSO4oI3CFrbm439351XisadRziGVIopG0msh5DvLq:5II30b5jpiHT7Vcsh5Dv2

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3300

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Extracted

Family

trickbot

Version

100011

Botnet

mon44

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Extracted

Family

gozi

Botnet

2200

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Extracted

Family

trickbot

Version

100011

Botnet

mon48

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Extracted

Family

trickbot

Version

100011

Botnet

mon42

194.5.249.156:443

142.202.191.164:443

193.8.194.96:443

45.155.173.242:443

108.170.20.75:443

185.163.45.138:443

94.140.114.136:443

134.119.186.202:443

200.52.147.93:443

45.230.244.20:443

186.250.157.116:443

186.137.85.76:443

36.94.62.207:443

182.253.107.34:443

Attributes

autorun
Name:pwgrab

ecc_pubkey.base64

Targets

- Target
  
  202102121641_48eacf290c0ed6287672551fcf426053f754c126c01fe6a01009c0ba599d3b8f.bin
- Size
  
  430KB
- MD5
  
  e31f19e922d23d120305a0f4814f823e
- SHA1
  
  e78cea0939f886834af7844325baf57f500556ed
- SHA256
  
  48eacf290c0ed6287672551fcf426053f754c126c01fe6a01009c0ba599d3b8f
- SHA512
  
  7fbec934aa980951c4b05eaa2544a308effc9c4ae7b3f8ef82a7c10d294f96c2a41537eede8b2afe8f20683979145b33cd2e4e5a19ea76ce5f02cf1a0712f555
- SSDEEP
  
  6144:S0O2GjydTwLK1KoiZxVtWcFoPQ4lmTZ4uvbCnfhSB8DX98I7EwlYOpvJe:S0O2GjydTwLK1Kf0chl4H5C8xNrvJe
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  202102121641_4b32c3c2d28237ba331ae94e7fe4dfb566a0902d59eb84aa793b3adf0a5f378c.bin
- Size
  
  603KB
- MD5
  
  0da0dabe99b1df919b6fd27d803db851
- SHA1
  
  9b4c420185069f81ba887cd38feee498d2c3f1d6
- SHA256
  
  4b32c3c2d28237ba331ae94e7fe4dfb566a0902d59eb84aa793b3adf0a5f378c
- SHA512
  
  6bcbcaed03b99438a25efec6492153db82b5bbcef91a892abacbe5dc2ac9d78e89e2a3104ca411dffe242f6a3ead752d824cf054a7086a30039755b747400b03
- SSDEEP
  
  6144:2lmsLx7R9NyJjRt954TeSK2gWMi9NmeLRsAiXbrvLxYKHBnVksLRFynJ9fQql7:2lL7s954eSK26LeLXivLVhVd/yL7
Score

10^/10

trickbot mon44 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral3 behavioral4
- Target
  
  202102121641_7ae7db00b573a89b9c435a5147a265dd939d99552b92b5dd9baa9a16f95ae9d5.bin
- Size
  
  300KB
- MD5
  
  d564753c69c611fb485af9b66b967630
- SHA1
  
  056f88c4f7f0ed8f746f36f3cc37961c606bbf40
- SHA256
  
  7ae7db00b573a89b9c435a5147a265dd939d99552b92b5dd9baa9a16f95ae9d5
- SHA512
  
  ade094db28924395908b6afff429ae716e0f58b7a4eef04f835bef5bff5e476c0fd3754ac94cb6810b67d6c666995e0fc45c05da33bf48a3a9b7f1dac17ddeea
- SSDEEP
  
  6144:1YLvUrbTO4P+kKBsuxBFcID9jG8yffrngnJ0qE1uyGjAkeIJ2:+gLO4PP+seLcg9K8jJ0qnFJ2
Score

10^/10

trickbot mon42 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral5 behavioral6
- Target
  
  202102121641_8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7.bin
- Size
  
  216KB
- MD5
  
  06ddae0e67a048aff8829413a7903bec
- SHA1
  
  aee60f4e070f845183b59f16dad84a72733e4d0a
- SHA256
  
  8600b6aff4ee95d4f78e5dc77f66af3c07241db926b053144943361bc64c37f7
- SHA512
  
  8dbecf12c003a996f4f41e9e087531a3c6e1572aaf6f4e6e0538d155febb3c5b20fe8cf0b267716091f5db656a95d5de9254fc911056883380589863d899e1bd
- SSDEEP
  
  3072:rjChB4NswcWG1Ze815ce6gWo3ll1SY+vQ2Q8QKP5hGicub/HFrwRu+:rk6ewcTP6eUo1l15+ZP5gqlC
Score

10^/10

gozi 2200 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral7 behavioral8
- Target
  
  202102121641_ae55975bd40147ab3b9a02f1e2e0279f714bce9845d26ace252cd590a42d733d.bin
- Size
  
  93KB
- MD5
  
  913c77883aa2e28ec98e5cf86d6fc2cb
- SHA1
  
  5a5c60b32770cb4654269a812d07e13767ad7ed6
- SHA256
  
  ae55975bd40147ab3b9a02f1e2e0279f714bce9845d26ace252cd590a42d733d
- SHA512
  
  8722b1958bdea7c23073d4f26c8f47221244ff44d243d253948a48d3635b5c96131078cb867e3f83f6cfdb4800c26ca4da9b4c12ce56219591b5c716ba058bf9
- SSDEEP
  
  1536:Hp8F8N2PU39eB+thp5sgHp6qeIyHCsousUotPPlByJbo3:Hp8RPUt73pjQ+YoHtPtB
Score

10^/10

gozi 3300 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral10 behavioral9
- Target
  
  202102121641_c642dca14e48cae8391d5f100304b399b70a9c3967d7b7d3949ead3b96ba1a63.bin
- Size
  
  382KB
- MD5
  
  7ba23b2b6b50cfc3711362f465d926be
- SHA1
  
  299c710f249b80580105014d4e4e9b92f32e0577
- SHA256
  
  c642dca14e48cae8391d5f100304b399b70a9c3967d7b7d3949ead3b96ba1a63
- SHA512
  
  9954690178c9ceb30edd7a44ab9d662a32c669a2b6eedaf6582274aaf3752426bca0e4e6ee1dc6e1a864e0cf3364314198108aab13c88f7272775c31a53491ea
- SSDEEP
  
  6144:fPJ2RupdW5InjhWSfLCkRQLJ93pwGWszsMuB6y4WRCk4y7hiJm:qQdZjhW8LDR2dPWcsMuB54WRb7hiJm
Score

10^/10

trickbot mon44 banker discovery trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
behavioral11 behavioral12
- Target
  
  202102121641_cc849b895a0c8237f81ca3fe6395929713fb7b3f0a7744d3ddc3cb08f9f4351d.bin
- Size
  
  596KB
- MD5
  
  e07d47927df912332bc84b3f98586091
- SHA1
  
  b55a9ae7a9ccd44dd3516e557e295e3f1cce750e
- SHA256
  
  cc849b895a0c8237f81ca3fe6395929713fb7b3f0a7744d3ddc3cb08f9f4351d
- SHA512
  
  05fc68821232f43b1b598a5c3989d18e5487f87316803a8d2e732cd1afed88034f6482be256c9894a4a56b6fe4efdec748a982c90c7609c64d24ff77b5b56396
- SSDEEP
  
  6144:Gp/yi90cYdmY9BRYZxhYVnacWeBg4luVJpVG0qMdRWGzwa1NGr43FUHcI3Gs3OZD:Yai45Taefl2pEQRWGzPMr418GwaPIMT
Score

10^/10

gozi 2200 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral13 behavioral14
- Target
  
  202102121641_f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73.bin
- Size
  
  329KB
- MD5
  
  48cab21fcbe254e7c83f4c1d455a39dc
- SHA1
  
  b96c1f765abb14eb401cacab6f6e203c3a255df9
- SHA256
  
  f1b9d5520ba13179e19b336e542d18b0bd9f39a2b41d88a739625c8480422b73
- SHA512
  
  0375a26a2d6d8990d202b75b4cb6797d03300ddc077c4dcb05778365212644ee49ce6e437fde0b77e1b8179d01ffad028635869d2f3897333b85471724d15ebc
- SSDEEP
  
  6144:aNwmpjb5sDo7TgHLC8X9cL4MoOm/ELg22LCs+7/WRE:aFHs5C8e4MPgELILCs8/EE
Score

10^/10

trickbot mon48 banker discovery packer trojan
- Trickbot
  Developed in 2016, TrickBot is one of the more recent banking Trojans.
  trojan banker trickbot
- Trickbot family
  trickbot
- Templ.dll packer
  Detects Templ.dll packer which usually loads Trickbot.
  packer
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Trickbot

Trickbot family

Templ.dll packer

Trickbot

Trickbot family

Templ.dll packer

Gozi family

Gozi

Gozi family

Trickbot

Trickbot family

Gozi

Gozi family

Trickbot

Trickbot family

Templ.dll packer

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16