gozi

General

Target

JaffaCakes118_cc1745955641e87db0112fedad07b0a00623fda5c4cc3d68dc2bbee40a4c96bc
Size

97KB
Sample

241223-tmmkxstret
MD5

ef6382fccc81f341da9b274a4ca5db40
SHA1

3494ee0961602d3f0d79f6745ac89b827813ed56
SHA256

cc1745955641e87db0112fedad07b0a00623fda5c4cc3d68dc2bbee40a4c96bc
SHA512

515323e7511d41bdf2491ba0dc75b686f7efab7038e3f62c00ddf930ace7c552dfbc8056965e7b75de1adfbc0cc415ea844824635190a8fe1ebcf4cfa77b2b39
SSDEEP

3072:cmlizy70mi9hlGucGy/XV7IUJ+QjywcBf1ZlGvtMUH:Lizq0Lby/XlPy11ZleMUH

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

7238

C2

web.vortex.data.microsoft.com

ocsp.sca1b.amazontrust.com

blogicstatus.com

Attributes

build
250162
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Extracted

Family

gozi

Targets

- Target
  
  opzi0n1[1].dll
- Size
  
  164KB
- MD5
  
  8e1c8cff8610e8932d766ab3008af305
- SHA1
  
  ed105378c222691e40c4a15d09b51c83df4d4134
- SHA256
  
  e513d1e2ef995156b6f803f10c05052a3c1ae35f92e1c6d5bb7765a4d3b61011
- SHA512
  
  83a975be8f5435c59750179f6c642bc819fb0573267162998d2922594a57c657df2c44b0061a4c45334c6b9faf179a279c3f944aa2ad4a0980feb2bd9ac797cf
- SSDEEP
  
  3072:lMZhiVcGQDgf+OJ/zdQAYKjxLFL8615go9SfNJ7Mt9vQ90Z:+ZhiVcGB+O7QnqL861+zyBQ90
Score

10^/10

gozi 7238 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2