gozi | 39bbd79dc1a59d6823a53a988c1623454acb05d598748490eb7da5159ea49b6f | Triage

Sharing

General

Target

JaffaCakes118_39bbd79dc1a59d6823a53a988c1623454acb05d598748490eb7da5159ea49b6f
Size

304KB
Sample

241222-y16ceayjfl
MD5

e7aed9ac34cf4bd44bae351385ff1b1d
SHA1

cb86e35464a8f3779d524389debca023a01eadc8
SHA256

39bbd79dc1a59d6823a53a988c1623454acb05d598748490eb7da5159ea49b6f
SHA512

ed19bc9de6e55abaef0d6a21ad91e1d0af557e87df6bc787ff75626af10d85d135107d9380ffe375c0582be6ac43a921c852331deeafe3071bf80be38e562ef5
SSDEEP

6144:B7qFiHaPGfbHBbjCrg9NtReW84UwqVkm4oUYYbnjQe:GqVLfL6JimjUYpe

Score

10^/10

gozi 1500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

f1.bablefiler.at

f22.avanoruk.com

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  liana.m
- Size
  
  468KB
- MD5
  
  ea5a45bcbe61e5debd959622a2a95dcb
- SHA1
  
  34813d50e2f0bcfc22dcb0fd82f22c47f9072c2d
- SHA256
  
  091a33c2695ec6212f9ce129214e1fad28dbbac39a5f9d0cc1787d3d98e08b09
- SHA512
  
  acea0a3dd9c998c409031610630d34f3b2103545d8dcd5d1ca08b19aae403d521218df1193b93d8b3369c32c76e3807d636fc4a0e0c769ad26fb169e5f2a70a4
- SSDEEP
  
  6144:e8etA8+L3/X9dOxaMJYp1L3+yWT9i8GYhMl/6PNHdY6+vBJYyipaWSNmoAOMohna:enW807H+yb0Ml49Y6MESzJhnmXdvZ
Score

10^/10

gozi 1500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi1500bankerdiscoveryisfbtrojan

behavioral2

gozi1500bankerdiscoveryisfbtrojan