gozi | 5dbd95246d1c65df6f46863a305130f4d7def3e0f6d816ca6655e7f77c00e8d5 | Triage

Sharing

General

Target

5dbd95246d1c65df6f46863a305130f4d7def3e0f6d816ca6655e7f77c00e8d5.exe
Size

256KB
Sample

241222-shlbma1rdx
MD5

c0cf8566d6cb501c5a833c3272074149
SHA1

7ada7e7ba7fa21601f8fa796a244ca0edfb38f83
SHA256

5dbd95246d1c65df6f46863a305130f4d7def3e0f6d816ca6655e7f77c00e8d5
SHA512

51ddd15cfe3cb25c813806c4497d99b14b63d8b73bd4e7a2ba4ec862a8b4b38e034f6a3b3caca61d8a16e2a0bc6ded505e1fb61658c60e5e95f4820067d99f0b
SSDEEP

6144:KVQeVilAqaAKPmKmjHixTAiXLddsrTUqV2yp:KVUpKWkTvhqTUqV7p

Score

10^/10

gozi 1053 banker discovery isfb persistence trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1053

C2

127.0.0.1

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  5dbd95246d1c65df6f46863a305130f4d7def3e0f6d816ca6655e7f77c00e8d5.exe
- Size
  
  256KB
- MD5
  
  c0cf8566d6cb501c5a833c3272074149
- SHA1
  
  7ada7e7ba7fa21601f8fa796a244ca0edfb38f83
- SHA256
  
  5dbd95246d1c65df6f46863a305130f4d7def3e0f6d816ca6655e7f77c00e8d5
- SHA512
  
  51ddd15cfe3cb25c813806c4497d99b14b63d8b73bd4e7a2ba4ec862a8b4b38e034f6a3b3caca61d8a16e2a0bc6ded505e1fb61658c60e5e95f4820067d99f0b
- SSDEEP
  
  6144:KVQeVilAqaAKPmKmjHixTAiXLddsrTUqV2yp:KVUpKWkTvhqTUqV7p
Score

10^/10

gozi 1053 banker isfb persistence trojan discovery
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi1053bankerisfbpersistencetrojan

behavioral2

gozi1053bankerdiscoveryisfbpersistencetrojan