gozi

General

Target

JaffaCakes118_ae98342ed899c8ec2d468cf675508e46039af9db21ecf52c82341d5a4deaf436
Size

553KB
Sample

241222-pwcd4aypap
MD5

a3aa4f007de91e10516196bf660e9372
SHA1

65e10a61b3214e75b829e937614da67bdeb28626
SHA256

ae98342ed899c8ec2d468cf675508e46039af9db21ecf52c82341d5a4deaf436
SHA512

6b11623a671a4d004a9742ced266d414471a76d289c5f1bea2bb25d518cfcf93ebc5d659cb7c515b407ba9d9d2da9cefb7b8dac10f0aadfd4c998fbfff1c2c77
SSDEEP

12288:Oz676RqULZ6Bu1aUI5UYhPFcz3OyeKzqOM1siT9:GDRqo6Bu4UI5hhPFcTXemjqT9

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4500

C2

app3.maintorna.com

chat.billionady.com

app5.folion.xyz

wer.defone.click

Attributes

build
250188
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4.dll
- Size
  
  937KB
- MD5
  
  b8bb6c8467092ef368e68446e68415ec
- SHA1
  
  9d0588bd231af048ba576216a158ad261a41d242
- SHA256
  
  900a62f1d821af1da2b5235e651057b062a9fd3c74002ac38218038f7e6b4ea4
- SHA512
  
  d5b7289a3c99b00830553a6b81afc252d760b7e1bdf9c54a44795a2b2bf9a86f5d1c04f6e9a4323991c06e45173f8854b09c9b1eec02c43d5e9454e6b044b9ce
- SSDEEP
  
  24576:HQfpzjXPgfM8CJV4X+IBIJ3cazaLwj1mCG9CpNiLi:IFDgQJV4OaIRj150CpNiLi
Score

10^/10

gozi 4500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2