gozi | 123d973289d40a5a59dd3def92abf1e0f86c6fd06cd8a1b70f31b066d535b6d2 | Triage

Sharing

General

Target

123d973289d40a5a59dd3def92abf1e0f86c6fd06cd8a1b70f31b066d535b6d2N.exe
Size

256KB
Sample

241222-mx7khswjdm
MD5

bfbcbbd1b22e19b549504e7ad04e95f0
SHA1

3da942784b13e10c36e3fceac8e86e12e4368280
SHA256

123d973289d40a5a59dd3def92abf1e0f86c6fd06cd8a1b70f31b066d535b6d2
SHA512

ebd1fd86e24682f2c8344bfa13eb95edabb46a5863d7d8a2bde27b258b9309c6fb8b4da9bdaa291726e82e4d01928ddae1b1dbd0d07581747ea65ec41dadb5f4
SSDEEP

6144:KVQeVilAqaAKPmKmjHixTAiXLddsrTUqV2y:KVUpKWkTvhqTUqV7

Score

10^/10

gozi 1053 banker discovery isfb persistence trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1053

C2

127.0.0.1

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  123d973289d40a5a59dd3def92abf1e0f86c6fd06cd8a1b70f31b066d535b6d2N.exe
- Size
  
  256KB
- MD5
  
  bfbcbbd1b22e19b549504e7ad04e95f0
- SHA1
  
  3da942784b13e10c36e3fceac8e86e12e4368280
- SHA256
  
  123d973289d40a5a59dd3def92abf1e0f86c6fd06cd8a1b70f31b066d535b6d2
- SHA512
  
  ebd1fd86e24682f2c8344bfa13eb95edabb46a5863d7d8a2bde27b258b9309c6fb8b4da9bdaa291726e82e4d01928ddae1b1dbd0d07581747ea65ec41dadb5f4
- SSDEEP
  
  6144:KVQeVilAqaAKPmKmjHixTAiXLddsrTUqV2y:KVUpKWkTvhqTUqV7
Score

10^/10

gozi 1053 banker isfb persistence trojan discovery
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi1053bankerisfbpersistencetrojan

behavioral2

gozi1053bankerdiscoveryisfbpersistencetrojan