gozi | 3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735 | Triage

Sharing

General

Target

JaffaCakes118_3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
Size

374KB
Sample

241223-t4eawavmbx
MD5

81127b25e86fc1c34d4b3c234bbb7650
SHA1

97e8acc57e840ccc2a5caec350b69560f9d64abe
SHA256

3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
SHA512

c2dcf05d65baaab85309d912dbfe01193a99ab0ac6a06ab361edab95a2dc246e56dc782e7c5235a541b8dea62a1b9c86f6211a0a7e6b6a2d197066d010d02d3d
SSDEEP

6144:39rzZze2Z364RyLy/tCGALXnjD93OYkEvDxaVBF6m6:39hzu4RnC97jx4EvDxX

Score

10^/10

gozi 4500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
- Size
  
  374KB
- MD5
  
  81127b25e86fc1c34d4b3c234bbb7650
- SHA1
  
  97e8acc57e840ccc2a5caec350b69560f9d64abe
- SHA256
  
  3d08389e485bae1170d17e1966af51b7f174c98d1b9dafc4d25873eb70d4d735
- SHA512
  
  c2dcf05d65baaab85309d912dbfe01193a99ab0ac6a06ab361edab95a2dc246e56dc782e7c5235a541b8dea62a1b9c86f6211a0a7e6b6a2d197066d010d02d3d
- SSDEEP
  
  6144:39rzZze2Z364RyLy/tCGALXnjD93OYkEvDxaVBF6m6:39hzu4RnC97jx4EvDxX
Score

10^/10

gozi 4500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi4500bankerdiscoveryisfbtrojan

behavioral2

gozi4500bankerdiscoveryisfbtrojan