gozi | 68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b | Triage

Sharing

General

Target

JaffaCakes118_68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b
Size

388KB
Sample

241222-hcz8gsxnew
MD5

2f8bb0d0e7a4b45a55014ff54994c406
SHA1

10292225ec6ae8ebb38dc0a15371a932adb5e94d
SHA256

68f87a49ca4f6f1fe31b3e26a0988f13c270c66cf45e94f2e83fd0c41b63564b
SHA512

d8d4d8b845d54bfc3626c9508544c28b6f798ffa952f5dc64608625368fa6d7e7a3f47b42610fcc7251767e8bce543d162b94ce1ffb6cb15e1679117847ccfa4
SSDEEP

12288:SNsIgKW2gzesp1tPL2/J3y0Fgq4xoxdPCMLrmK0X:esnAyXzijqq4yxJCMu

Score

10^/10

gozi banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  cbc399f8957918ca58b540080687665e.bin
- Size
  
  604KB
- MD5
  
  cbc399f8957918ca58b540080687665e
- SHA1
  
  66fd6764a289bbd0c070f2868b9b3dfcaf189870
- SHA256
  
  2b330d2eea637a524621dca0b18db45b53d7542d21323afed1f454f3437c4d3e
- SHA512
  
  a795587c0529e5119e81edfb7ef3480bcd2a6ef5a9e8d4982c4edcd2fdaf66fb77ed0528bc6ce13f3b3667fb6364b4710b8dc5c5843afd11ed982877ee1bf84f
- SSDEEP
  
  12288:ubTQAMhOCFjTL9Lw9EEiUE4ceBYOhCX88Y1OuHXBIvV1IB:qTQATCFj9U9R4jy8sOuXBIvv4
Score

10^/10

gozi banker isfb trojan discovery
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerisfbtrojan

behavioral2

gozibankerdiscoveryisfbtrojan