gozi | 76b02d43ff72b89e786743bf467862e6c2439ee93de7b301e1e81ed0a4dd8e2f | Triage

Sharing

General

Target

76b02d43ff72b89e786743bf467862e6c2439ee93de7b301e1e81ed0a4dd8e2f
Size

626KB
Sample

241221-wcwrysvnhj
MD5

04cc3ff695caf84da2c13799387fdd68
SHA1

711bdd9c13d3cf42cfc6fd80709dc15c0a35d6fc
SHA256

76b02d43ff72b89e786743bf467862e6c2439ee93de7b301e1e81ed0a4dd8e2f
SHA512

27c406983e026981e4f37f0f3cd3da81358fcc3de2203ed8b5d12c66acdd68bac66258d3ddb4c5cf6190f8f055af9f9a3ed37cf644f97d196b6aa5b3ec94e0d8
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZZ:+w1lEKOpuYxiwkkgjAN8ZZ

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  76b02d43ff72b89e786743bf467862e6c2439ee93de7b301e1e81ed0a4dd8e2f
- Size
  
  626KB
- MD5
  
  04cc3ff695caf84da2c13799387fdd68
- SHA1
  
  711bdd9c13d3cf42cfc6fd80709dc15c0a35d6fc
- SHA256
  
  76b02d43ff72b89e786743bf467862e6c2439ee93de7b301e1e81ed0a4dd8e2f
- SHA512
  
  27c406983e026981e4f37f0f3cd3da81358fcc3de2203ed8b5d12c66acdd68bac66258d3ddb4c5cf6190f8f055af9f9a3ed37cf644f97d196b6aa5b3ec94e0d8
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZZ:+w1lEKOpuYxiwkkgjAN8ZZ
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan