gozi

General

Target

JaffaCakes118_56ae4c3167ae5f55035d9706026e412f643b59d09b9dbce8b0ad8c8855491c62
Size

124KB
Sample

241222-althasvpev
MD5

eab6ce03a942b4b8961c9bd72ac3e75c
SHA1

4208582ad839dee47daef7d6f51590d8d59f069d
SHA256

56ae4c3167ae5f55035d9706026e412f643b59d09b9dbce8b0ad8c8855491c62
SHA512

de6812a7679136c816a7f1f2c63660c2bb24960fda6bf60ae50a30c5655b5fd1bad39be9ae718edaaed4b7d8c0b694d637b22d2f020a274a47202af431aaf57c
SSDEEP

3072:G0VnJqHsm6fm1UcJtzALFUBEACVAHQjbRGrsHleXXQl5Ep4ne:rqMm6uTULFU7CVzXRKsFGm5CYe

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8005

C2

ssddl2.microsoft.com

siberiarrmaskkapsulrttezya.ru

sibedriamasterkkmoderatordstezya.ru

massidfberiatersksilkavayssstezya.ru

dolsggiberiaoserkmikluhasya.chimkent.su

dolsibegriaosersk4ermanderezya.chimkent.su

rdosdripakloserikabyatezya.chimkent.su

rusddripakoloserufinurtdrfezya.chimkent.su

ripakteenrufinishryeuliliezya.ru

rufiteemnisripakhglassdzya.ru

rufinisrufripakhmileronurzya.ru

rurugyrfripakinishtokokusstezya.ru

rufislomnishsripakerdfnstezya.adygeya.su

Attributes

build
250161
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  canon_dsc_sdrc231.zip.exe
- Size
  
  221KB
- MD5
  
  3820ca814fdb124f9b5cb465950f725a
- SHA1
  
  5effd15953eeb165d3300679c0451a6f39a862d4
- SHA256
  
  3e1ea4ffc3199dcbd8e3ab3f4d4382c364717c6551ea5385e654a735aabb69ad
- SHA512
  
  c9e289d05b967dd346de2fb20d1f976b5cb0384cf8b1c44bab405cfd03ddcc8c4922a68189ad0067b983e193c146c4ff2609b460cdec51af905d6cdf3e96fcca
- SSDEEP
  
  3072:fEN9PALC3+C2hdYp1Zd6Mq/5Ow7YdY9D3gMTjETxpbYspOHpkP:fJLupDZ0M/1W3ggjETTyHpk
Score

10^/10

gozi 8005 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2