gozi | 38919d669d09bb862fb10409fda03ab19b19ebf19e23643aa10bad3dfcf5ef91 | Triage

Sharing

General

Target

JaffaCakes118_38919d669d09bb862fb10409fda03ab19b19ebf19e23643aa10bad3dfcf5ef91
Size

429KB
Sample

241222-xm8pyawjfx
MD5

35aad663c231845503998c962dbb3e82
SHA1

2ac81527e0afb725d492600b11c5693ff07a4d4e
SHA256

38919d669d09bb862fb10409fda03ab19b19ebf19e23643aa10bad3dfcf5ef91
SHA512

822a3b85531be658a90259d13e52b3e423346a6fe91f0069cdd1e5775599c0ea37f167c3cd3e40af473c90fa8c69a44a2357cfeec5f4398330ce844e0bd05890
SSDEEP

12288:kEPCm2G75FKvqTqAWgNqjKO/rg6xImIXx4TMHw:9P/5FYqWAWUqOOwdQ

Score

10^/10

gozi 2500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

2500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  melange.yuv
- Size
  
  680KB
- MD5
  
  e64f11baf4702c7e8c48665e22fab125
- SHA1
  
  4e5adc8e8e980f3ddc40edbeb6af2d39545d6f05
- SHA256
  
  851cc6fec3ef98671e93301e4e7f0c23458464396d9f8dce7fc4e89802f48ad8
- SHA512
  
  88c6294e5254916fa0c93dcd129172978276804db3cde4cb9f757a0c75352373587e33abbb7cb99f6c76b425c1fb325819fa80d9ace138efa5ec8b7f701938c2
- SSDEEP
  
  12288:TOgVktK4arTQrNn4Gq0hS7M+M8uFKLrseaCoZSSi7Pq6b4bi:agWtja/QrNn4GqJY8v3sen1Dq3bi
Score

10^/10

gozi 2500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi2500bankerdiscoveryisfbtrojan

behavioral2

gozi2500bankerdiscoveryisfbtrojan