gozi | f65d89d469a51ea178d198fc3fd9123c63937daa6129d35f872769a85aa479e9 | Triage

Sharing

General

Target

JaffaCakes118_f65d89d469a51ea178d198fc3fd9123c63937daa6129d35f872769a85aa479e9
Size

132KB
Sample

241223-2pvcjstndy
MD5

e3e95f2558b7e156a39cc27984485ecc
SHA1

76c7c01b538e6c8fb8804d1fae1da7ee6d7172a4
SHA256

f65d89d469a51ea178d198fc3fd9123c63937daa6129d35f872769a85aa479e9
SHA512

2cdaba5e071c1ce6139f85472414802f765a5915737fe2f8454bb6d3f1762ecde783f2d3a018c33ee9f99a02afeda52910b9e7806d25a676cbfcc2fac3b4bad8
SSDEEP

3072:kkFy+OyDj1w086NSgXzrD2d5HSuiwE1oKydAZWjhGO2yBK:JFy+3Djv8ckdrHaeGABK

Score

10^/10

gozi 3000 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

194.76.225.112

194.76.225.113

46.21.153.203

Attributes

base_path
/drew/
build
250239
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9
- Size
  
  226KB
- MD5
  
  e84631873c87ac0af8a0a0802afaafb3
- SHA1
  
  d6a37d21ea7bf956a086c03ccbeeb84ffeb758a3
- SHA256
  
  64d2a023b1208a01375af17e3b02ff7eebae76d3a35ece915c52e5d7a021edc9
- SHA512
  
  3a7da6eab40d580946d7eb01d1bab1920d5eb04044d52fb48300ea9dfd9e057c367f4605065841bdac82b288696a7142b66a6059281118f42a5244be14c94793
- SSDEEP
  
  6144:wnE+Pf/CH/XpoywwVMh0myTVq641e3Ub:wnnH/oPeh0md9b
Score

10^/10

gozi 3000 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3000bankerdiscoveryisfbtrojan

behavioral2

gozi3000bankerdiscoveryisfbtrojan