gozi | 43d1fbb14a1f47e121bba320f9500f45bf6fbe14c0a19c59998dde0befde2f54 | Triage

Sharing

General

Target

JaffaCakes118_43d1fbb14a1f47e121bba320f9500f45bf6fbe14c0a19c59998dde0befde2f54
Size

96KB
Sample

241221-z3wreszpbm
MD5

23fc619491afe13d9c1d08cbc57ca814
SHA1

9a9e5297242fe2a5a7d8dc2b7269367875c58ff1
SHA256

43d1fbb14a1f47e121bba320f9500f45bf6fbe14c0a19c59998dde0befde2f54
SHA512

1bb4b573272d69fecf71fc6bb7cbfac336c02291c54f6d52bb2df0be50e577040dcac953e35ea552f25185d77e488ccf83813945fe3d8f616ec531f7df06d1ae
SSDEEP

1536:DWKaY5Se9WnVI78XvnoxJasJvRHKmyGDvDk0Rt9Y56l5ZMpvV05o9OX5xPw8:DWa0eQnVI7qCqZGDvDk4wol5w0EU

Score

10^/10

gozi 5566 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5566

C2

bing.com

update4.microsoft.com

under17.com

urs-world.com

Attributes

base_path
/joomla/
build
250187
dga_season
10
exe_type
loader
extension
.akk
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  JaffaCakes118_43d1fbb14a1f47e121bba320f9500f45bf6fbe14c0a19c59998dde0befde2f54
- Size
  
  96KB
- MD5
  
  23fc619491afe13d9c1d08cbc57ca814
- SHA1
  
  9a9e5297242fe2a5a7d8dc2b7269367875c58ff1
- SHA256
  
  43d1fbb14a1f47e121bba320f9500f45bf6fbe14c0a19c59998dde0befde2f54
- SHA512
  
  1bb4b573272d69fecf71fc6bb7cbfac336c02291c54f6d52bb2df0be50e577040dcac953e35ea552f25185d77e488ccf83813945fe3d8f616ec531f7df06d1ae
- SSDEEP
  
  1536:DWKaY5Se9WnVI78XvnoxJasJvRHKmyGDvDk0Rt9Y56l5ZMpvV05o9OX5xPw8:DWa0eQnVI7qCqZGDvDk4wol5w0EU
Score

10^/10

gozi 5566 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi5566bankerdiscoveryisfbtrojan

behavioral2

gozi5566bankerdiscoveryisfbtrojan