gozi | e36181ec4a214dfbdc1cd514a1d6353f8263e324d0fea11b32e418dbade93611 | Triage

Sharing

General

Target

JaffaCakes118_e36181ec4a214dfbdc1cd514a1d6353f8263e324d0fea11b32e418dbade93611
Size

237KB
Sample

241222-m2e13avqcv
MD5

ef84638c8b10bdeb72b76b172d86017e
SHA1

fa431904e332addf8b212699789dfc03ca561ba2
SHA256

e36181ec4a214dfbdc1cd514a1d6353f8263e324d0fea11b32e418dbade93611
SHA512

af0c2760d4144941472d3ef9bdeb666df53346592aa0c5f62bb2b87f09d39d7cec4a41c1fe5887c8eb023bba14f0abcb2fdb4fc29f0d1305e30157cd01bc086d
SSDEEP

6144:UKBEkd/dgcJxNwXfzdwPlMjFHrfrpRcmGRiJhtdsW:UTvcfevBwNMjBjrfGRedsW

Score

10^/10

gozi 2500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2500

C2

atl.bigbigpoppa.com

pop.urlovedstuff.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  4a9101eedac349f9363fa76025195945ec79c6c6.bin
- Size
  
  348KB
- MD5
  
  2ffb89e36cccc8955c9da3f8e4c618f5
- SHA1
  
  4a9101eedac349f9363fa76025195945ec79c6c6
- SHA256
  
  4c1521c42afc6a16bccfcce47ddaaad622c63de601a7d2395c64cf00e783fea3
- SHA512
  
  baa971f8941e84ebb57b84ac0caeab225051a7284f6c74ddc37506491d65aa6b7472cebe97f21fb2817d0928ef4e28c62d5339e77e11b762b9301d4441f298d8
- SSDEEP
  
  6144:qYlGMLjIsJnsrYBiTkF1YqDiUrNegsi74kRadUo4Tv:qYl1vIsJn5BiYT7TYgsS4kRadUo4
Score

10^/10

gozi 2500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi2500bankerdiscoveryisfbtrojan

behavioral2

gozi2500bankerdiscoveryisfbtrojan