gozi | 5ae2bfbcb10f2e75dca7623a8a498e7b54f457c6bc1f446dd323007757ca5759 | Triage

Sharing

General

Target

5ae2bfbcb10f2e75dca7623a8a498e7b54f457c6bc1f446dd323007757ca5759
Size

626KB
Sample

241221-v7k39svkds
MD5

ec4e4a12ec967c59f1f8db69aae98d85
SHA1

447ef4a42a0cb3551eee17c13f288df50df5ac08
SHA256

5ae2bfbcb10f2e75dca7623a8a498e7b54f457c6bc1f446dd323007757ca5759
SHA512

168fcab8799e20f6a12f5a0e5f614f2a30d96a14d415c78c78cc53c8decd8de85f71e368e55686e0ed2acc906b1969c44aaea4044eb79e654f1cc3ec60498417
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zb:+w1lEKOpuYxiwkkgjAN8Zb

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  5ae2bfbcb10f2e75dca7623a8a498e7b54f457c6bc1f446dd323007757ca5759
- Size
  
  626KB
- MD5
  
  ec4e4a12ec967c59f1f8db69aae98d85
- SHA1
  
  447ef4a42a0cb3551eee17c13f288df50df5ac08
- SHA256
  
  5ae2bfbcb10f2e75dca7623a8a498e7b54f457c6bc1f446dd323007757ca5759
- SHA512
  
  168fcab8799e20f6a12f5a0e5f614f2a30d96a14d415c78c78cc53c8decd8de85f71e368e55686e0ed2acc906b1969c44aaea4044eb79e654f1cc3ec60498417
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zb:+w1lEKOpuYxiwkkgjAN8Zb
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan