gozi | 8daa370c36907b0b89b8b975a5e41b8d4d62e9148b350300fc2468c62fdf9d6c | Triage

Sharing

General

Target

8daa370c36907b0b89b8b975a5e41b8d4d62e9148b350300fc2468c62fdf9d6c
Size

626KB
Sample

241221-vl1xlatmgt
MD5

a72d82f2a3ba801ff95a3fce4211cdc2
SHA1

47539ff4f9fc658f6f87a792f1dffd85a861c584
SHA256

8daa370c36907b0b89b8b975a5e41b8d4d62e9148b350300fc2468c62fdf9d6c
SHA512

b446c6d5c3e97acb52a3c7fd073deea97d742d1a720917ddd589098164d6079401ac77401bae54419d23914ff97a54bf67a0f7d63e5fc64972ee8a4480308723
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zf:+w1lEKOpuYxiwkkgjAN8Zf

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  8daa370c36907b0b89b8b975a5e41b8d4d62e9148b350300fc2468c62fdf9d6c
- Size
  
  626KB
- MD5
  
  a72d82f2a3ba801ff95a3fce4211cdc2
- SHA1
  
  47539ff4f9fc658f6f87a792f1dffd85a861c584
- SHA256
  
  8daa370c36907b0b89b8b975a5e41b8d4d62e9148b350300fc2468c62fdf9d6c
- SHA512
  
  b446c6d5c3e97acb52a3c7fd073deea97d742d1a720917ddd589098164d6079401ac77401bae54419d23914ff97a54bf67a0f7d63e5fc64972ee8a4480308723
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zf:+w1lEKOpuYxiwkkgjAN8Zf
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan