gozi | 0d28bffbc18947f5b5948a9a2377fb54ba1b37117c0bbee9e51fdeeab5805608 | Triage

Sharing

General

Target

JaffaCakes118_0d28bffbc18947f5b5948a9a2377fb54ba1b37117c0bbee9e51fdeeab5805608
Size

156KB
Sample

241223-v4tw1awlhy
MD5

f2e9963a3026deeaf56d9aacdfb391bc
SHA1

03ea59e4a5303040b686fe63714206d3f06defb0
SHA256

0d28bffbc18947f5b5948a9a2377fb54ba1b37117c0bbee9e51fdeeab5805608
SHA512

e7aa18431483d1ef6a34a9391db57269e6bec2d25923db7b9f9615875badf28c873a646b08e9444f2cf3a8227b8770326f899f858bfcb5d395a59717f5950135
SSDEEP

3072:fepB2onsVz4ccWtx9R+u3Kpd0Y9Rg+EnpF2+REZh:fUDsZB7spuY9Rg+wzw

Score

10^/10

gozi 9094 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

9094

C2

google.mail.com

firsone1.online

kdsjdsadas.online

Attributes

base_path
/jkloll/
build
250211
dga_season
10
exe_type
loader
extension
.mki
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  53884f3120767d42dabef87b63e0d6b9cbb3be425f842c458d95d2b017dbe5c0
- Size
  
  291KB
- MD5
  
  7098317fa62001df2fbfb2ad4b2f153a
- SHA1
  
  b9f0f53a1770ef080151407f1c2df845eae380fc
- SHA256
  
  53884f3120767d42dabef87b63e0d6b9cbb3be425f842c458d95d2b017dbe5c0
- SHA512
  
  8b53f9fdbd27a12a5a4cfc64c52c1163f1656b5af7ef0beaca0b485573383ed9b1d615f36b635659108d01f8f5f3207fcc10485d449e98e5f37cb550c0643ebd
- SSDEEP
  
  6144:GdNpq2chxLhtrEEx+8BwSjIjaN2l+htHH20fFCfcVtaK:o3chxlt8+jjAa2l+r2U4fct
Score

10^/10

gozi 9094 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi9094bankerdiscoveryisfbtrojan

behavioral2

gozi9094bankerdiscoveryisfbtrojan