gozi | 90084242fd519b3a14db407c7ba6fb2db26be500c2ea4f466af8887cd472fb67 | Triage

Sharing

General

Target

JaffaCakes118_90084242fd519b3a14db407c7ba6fb2db26be500c2ea4f466af8887cd472fb67
Size

626KB
Sample

241221-yt8tysymbl
MD5

f2da170689dde4b9a97c5305503cb3d9
SHA1

89fce97c5194e0498fe9c9cc19a4f7af208aa3f0
SHA256

90084242fd519b3a14db407c7ba6fb2db26be500c2ea4f466af8887cd472fb67
SHA512

061c4ab465a38ff6341f0886e607a15921ac922a17d54e3801c06ddf356cb2a38941e9c7499c59b9fa3332dc18a6576960cd7c050b599e083b8497f9e45c28fe
SSDEEP

12288:QxHGz7jrsxOZWGvw2uV+HZfyWdAHKHRuhtOJbIP5UsT9GdOxRCeg:jtWGvCV+5Qo8hPNT961eg

Score

10^/10

gozi 5513 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5513

C2

greenwoodgrace.website

Attributes

base_path
/manifest/
build
250187
dga_season
10
exe_type
loader
extension
.cnx
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  JaffaCakes118_90084242fd519b3a14db407c7ba6fb2db26be500c2ea4f466af8887cd472fb67
- Size
  
  626KB
- MD5
  
  f2da170689dde4b9a97c5305503cb3d9
- SHA1
  
  89fce97c5194e0498fe9c9cc19a4f7af208aa3f0
- SHA256
  
  90084242fd519b3a14db407c7ba6fb2db26be500c2ea4f466af8887cd472fb67
- SHA512
  
  061c4ab465a38ff6341f0886e607a15921ac922a17d54e3801c06ddf356cb2a38941e9c7499c59b9fa3332dc18a6576960cd7c050b599e083b8497f9e45c28fe
- SSDEEP
  
  12288:QxHGz7jrsxOZWGvw2uV+HZfyWdAHKHRuhtOJbIP5UsT9GdOxRCeg:jtWGvCV+5Qo8hPNT961eg
Score

10^/10

gozi 5513 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi5513bankerdiscoveryisfbtrojan

behavioral2

gozi5513bankerdiscoveryisfbtrojan