gozi

General

Target

JaffaCakes118_ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383
Size

233KB
Sample

241222-g6jxxsxnhm
MD5

b8933fa15ce8f3e0c4b675af8eb9ad6e
SHA1

50da2936ce25f5e557df333f1706e9b3b726638f
SHA256

ec5a85a45b8bc7969e98df28ee56d01996a98ae3b4e3338b192f00b4435d3383
SHA512

9b76a1b052035711185e2800a97b9dfd6e1016a5652a6b794b6d59c3b504003f5a2518b1b4353db94e36c771fece3332d912f384850c9a0996f6d239efc20291
SSDEEP

6144:/8INmzFIZge9XSFe+LBqtVw/wElYlWNLhQGOE:kv49XSQ+LBqtKlCWDQG7

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4355

C2

updates.microsoft.com

haloopolikosul.xyz

trapolikoliosilios.xyz

Attributes

base_path
/manifest/
build
250177
dga_season
10
exe_type
loader
extension
.cnx
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  602b97e0b415b.png
- Size
  
  335KB
- MD5
  
  262590037c93a5496b38565c9dfc85d8
- SHA1
  
  29616a643f896d6ab55d7129a813fa4056400c0e
- SHA256
  
  eaeb42576fb19b866abdc99b5b8f867f3c69d8da9e941f2ca5af1f0e3e342a6c
- SHA512
  
  c566f68a5d8b6769595836bffdf7e05b439a9a26ed7a500348a6ca4dea3effbdf0db1da64d219b7c6ac35143604782d5ffd47633a6297e3191224210d4de0bee
- SSDEEP
  
  3072:lYEuU/HsL0icNk2S/G7xBYT147Q1zzWpYnJw19qVFXEqnQvSoLRRybz5m76nf7fF:ypGHq8ujuVeZWQ1WmnaHqrCybs+fbpC
Score

10^/10

gozi 4355 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2