gozi

General

Target

JaffaCakes118_26565bb980df7e0a005468cf2764cc72075ead4b6673c16b319c9c6b029b1bd1
Size

311KB
Sample

241222-kl8mbs1nex
MD5

8e461d3cc8cea851ac92cb177551cacb
SHA1

e43e6f456940bcdd8771d74e7b7286093743d2f8
SHA256

26565bb980df7e0a005468cf2764cc72075ead4b6673c16b319c9c6b029b1bd1
SHA512

2b387c8daa6fe03a8b01c4ed3fb6a0e570c9bc494688a3c178ce1ba37e9962c8b00714146712c336832c62f2d330e71e7b0ed60b88abfd167cf2be227d87b02a
SSDEEP

6144:7Xj6vW/GxlHSdiOMd9qen1T7jsruGeTOslOf2ez2Tgc8z3KJB:7zU4MhSjyqen9MrurlOf20O6rKJB

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5500

C2

windows.update.com

shop.microsoft.com

fraloopilo.xyz

paladingrazz.xyz

Attributes

base_path
/manifest/
build
250177
dga_season
10
exe_type
loader
extension
.cnx
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  kybe3.dll
- Size
  
  563KB
- MD5
  
  c7eeecef364f35c1b3f56b3136d5607f
- SHA1
  
  17b1f56ce5ffed92d7939315ebc1818157f02506
- SHA256
  
  f2059f3054bee3cb57c666b3994c0cf3aa61c981e2d70a798b5f1f43a189f20a
- SHA512
  
  31da7d5d631dd7809e252374dded9ab47fe17875ae53a8680e1aa433dda65cbe4688f6a3d1afaca67dcb30756c988476381444e1c6e16090bb4b7278a52b6f34
- SSDEEP
  
  12288:qk4mO6uu/lzsGqjV6L3hKkXHqb2Nqdi3/BkldTdlX8A1:qk4Z6uutAGMVQRLX62wiJkldTP8A
Score

10^/10

gozi 5500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2