gozi

General

Target

JaffaCakes118_641a0017a240838c591613787aaab3644a1be70bde4b6853fc8170ec01cf1013
Size

187KB
Sample

241222-aqrjhawkgj
MD5

3421a83e0d0de6954c818abda3768849
SHA1

76c6ff27c4a8c6660e5ac4c764fbba26eab4fe9f
SHA256

641a0017a240838c591613787aaab3644a1be70bde4b6853fc8170ec01cf1013
SHA512

6b99eb6658616f66b3ec887582d78414e89c536a3ace9ae4554627e6ea8b1328facdda1a5eb77e0999f61d48a4c63e7239e645402d7ed885f3825ed3db00e1f5
SSDEEP

3072:lDazC5YP+oRlzaKPeGggoQHWH4bWGAalVgOucrgjWuiQ06GFg1Xx1kBmZDpOrbXv:NkC5YPVzaKWozc46GAa3gwi8Q06oqCUy

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

9095

C2

http://google.mail.com

http://392184281.com

http://592182812.com

https://392184281.com

https://592182812.com

Attributes

base_path
/glik/
build
250218
dga_season
10
exe_type
loader
extension
.lwe
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  9095.dll
- Size
  
  1.5MB
- MD5
  
  a7408cf2d8a68c9d621f04510d013c25
- SHA1
  
  06710b16a700b2f86ec7b77204b7d132a83a34f0
- SHA256
  
  67ca5cc17611a5292c116f492af8a96caebbe3539e3744daaa1f1c1a5cf72d05
- SHA512
  
  04fc31d8fab45ec43490c1391e06a84e6f8e734ba6c80833351026ae9cf1420a92718875fd55b963d9b5a83b695f962fec6398991409d45f0dbc83e6f0b491d8
- SSDEEP
  
  6144:C/mh48sQe3KipXDjA5d86CT9p2mxKvQCPRub+:9mVQmoEL1uQ9q
Score

10^/10

gozi 9095 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2