gozi | 20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7 | Triage

Sharing

General

Target

JaffaCakes118_20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
Size

374KB
Sample

241223-tb1y6stpgp
MD5

9d3a7a1f655bdc0714e010f31ad4c6cc
SHA1

5115f00d59147a3113fab9402daeb34ffe71ae39
SHA256

20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
SHA512

65a17e759ff8b47c01e24a0eec98c6d4bcea0001613c6214a3b1f015437f2998810aef349190fcaaf75cc692e8877c1fa3901b5d69838468c1cb416ee64c4b21
SSDEEP

6144:39rzZze2Z364RyLy/tCGALXnjD93OYkEvDQaVBF6m6:39hzu4RnC97jx4EvDQX

Score

10^/10

gozi 4500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

4500

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
- Size
  
  374KB
- MD5
  
  9d3a7a1f655bdc0714e010f31ad4c6cc
- SHA1
  
  5115f00d59147a3113fab9402daeb34ffe71ae39
- SHA256
  
  20587442b6c5c5289058461103db705d04b69ee7e5c14d6a3089348c19bc0de7
- SHA512
  
  65a17e759ff8b47c01e24a0eec98c6d4bcea0001613c6214a3b1f015437f2998810aef349190fcaaf75cc692e8877c1fa3901b5d69838468c1cb416ee64c4b21
- SSDEEP
  
  6144:39rzZze2Z364RyLy/tCGALXnjD93OYkEvDQaVBF6m6:39hzu4RnC97jx4EvDQX
Score

10^/10

gozi 4500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi4500bankerdiscoveryisfbtrojan

behavioral2

gozi4500bankerdiscoveryisfbtrojan