gozi

General

Target

JaffaCakes118_aebc340869b051f2f2b819d87b00c8b168274100bd650d7f2a04f487b06a8c81
Size

270KB
Sample

241222-h2fv5syqdk
MD5

381feeb21f6f2ac230ef7f54c0e7c338
SHA1

2a8a1fd121e7af4de8b967b4e6e83330d49c919d
SHA256

aebc340869b051f2f2b819d87b00c8b168274100bd650d7f2a04f487b06a8c81
SHA512

3a889858ab3053f0365e84eb510fe2885027c2ff550f9fee670e17c3550c6ae663a5c57ac7e3c7a5b040828506695d1f4b9fa1cbb6fed74131ee1403a73cde99
SSDEEP

6144:I9g/j1cWikd3nogCmukGwi86X3ryqsPnZf:I2Jcw3VQwEr6Zf

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7612

C2

securezzalink.top

securezzalink.space

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  00a6659355525272bce8845b6db89d2d9f89e6b96bd5379292ebfebf9cbbe68e
- Size
  
  490KB
- MD5
  
  08bd4c8bd321cb906c9275d0231f57b3
- SHA1
  
  08f3b0f78e0c26898eca40792d499162b13a6036
- SHA256
  
  00a6659355525272bce8845b6db89d2d9f89e6b96bd5379292ebfebf9cbbe68e
- SHA512
  
  15023399a0df8bb361aeac6795553c19e1fe7f8f80d1386d48bfb1cd280741349e8e0eeb0cd57bf1b044e0aa5984415afff4905fff4bb2ffc369c418ed1637dd
- SSDEEP
  
  12288:HR2lg/gRebHUdOVFPlqv/nD9a9f6np9C1fxP3HC9/:HR2GYkbHUgVtlCA9ypyJs
Score

10^/10

gozi 7612 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2