gozi | 82782f6ac4ef55ee9521b3b0ac2591f698bc37390aaf96a97775d067e300af42 | Triage

Sharing

General

Target

JaffaCakes118_82782f6ac4ef55ee9521b3b0ac2591f698bc37390aaf96a97775d067e300af42
Size

507KB
Sample

241222-ctltjazlfm
MD5

eabff1707a780b5a5b2ffaa6a4d28222
SHA1

bf17d986680983405bdfb500ea39269a438f8821
SHA256

82782f6ac4ef55ee9521b3b0ac2591f698bc37390aaf96a97775d067e300af42
SHA512

705a3d892948c2edc7399df8caf775769d7a9cda1d932b0d79191a2b86e4a0940526e0cafe4bb74d1fd513ed738b8f664a6c3c2cf9ce29529b6ee86a75733983
SSDEEP

12288:213jxeTWKBZejxO/hdSH03bdwctET1nDNE40zX4FQ:AteTJBc43bdx+xR0w

Score

10^/10

gozi 6100 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

6100

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_82782f6ac4ef55ee9521b3b0ac2591f698bc37390aaf96a97775d067e300af42
- Size
  
  507KB
- MD5
  
  eabff1707a780b5a5b2ffaa6a4d28222
- SHA1
  
  bf17d986680983405bdfb500ea39269a438f8821
- SHA256
  
  82782f6ac4ef55ee9521b3b0ac2591f698bc37390aaf96a97775d067e300af42
- SHA512
  
  705a3d892948c2edc7399df8caf775769d7a9cda1d932b0d79191a2b86e4a0940526e0cafe4bb74d1fd513ed738b8f664a6c3c2cf9ce29529b6ee86a75733983
- SSDEEP
  
  12288:213jxeTWKBZejxO/hdSH03bdwctET1nDNE40zX4FQ:AteTJBc43bdx+xR0w
Score

10^/10

gozi 6100 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi6100bankerdiscoveryisfbtrojan

behavioral2

gozi6100bankerdiscoveryisfbtrojan