gozi

General

Target

JaffaCakes118_80ae0bbcd756599996cfabd5f7beb404be8842fdbbbd03a9682966077f5c48b9
Size

145KB
Sample

241223-syk1sstkey
MD5

6be70b0961c690ad25a52122f7f51b88
SHA1

970dd9624c4e60226adc46e5f90cb986645e5869
SHA256

80ae0bbcd756599996cfabd5f7beb404be8842fdbbbd03a9682966077f5c48b9
SHA512

2eeecd452461b6a682a9aae99c21625fc1fbabffece41ae14c664508987fc771b8a48a07eb024e3143e2c63879adb30efaeb55624fdc13138a44bfe41b741567
SSDEEP

3072:VgJtFwI5lmQFEgosLLXLD2feDxbhvq805+VehAqs/0mcddagl:OwI/mQFnWfwVhvzh0hA1/0mcd8e

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

202201

C2

telemetry.skype.com

gldobermanioliusdd.ru

semenshovdobermanoba4.ru

gdobermanciluiprada8.ru

mesantospilioosd.ru

klavsantosnka93hhu8.ru

checkgosantoswahnedr.ru

stypesantosgirlsld99.ru

dasantoseikosano000.ru

rkrygliyakinaribalke.ru

klkrygliyaysiroppe0.ru

musskrygliyakatt67838.ru

Attributes

base_path
/drew/
build
250224
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  proxychain.bin
- Size
  
  255KB
- MD5
  
  fe45c50d912ba5114f7cec59f5ce3a1d
- SHA1
  
  40706642be37ee48ce49faa4592a6e977aa5c3ca
- SHA256
  
  104e6094ef239aae7e4317433e868b67108b8157627dc222f996cb087795334f
- SHA512
  
  7803bc3ae1a8deb1c04e27d7a7d5c623c6b667a71ec5e9564aefa2d5d8cdc40c2a5129844b5fc5ca20a8074719601b2ebf6cc0b66c460c4570a42314f4110409
- SSDEEP
  
  6144:cDWv6SWTam85idpqgtyUKNaTBfCmevU7wt:cq6SWTam85s/g6BfXeXt
Score

10^/10

gozi 202201 banker isfb trojan discovery
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2