gozi | 4e18efde9c5ac9f461d8dcf3f23337bc2add0fbdd528543942de05991f84abd9 | Triage

Sharing

General

Target

JaffaCakes118_4e18efde9c5ac9f461d8dcf3f23337bc2add0fbdd528543942de05991f84abd9
Size

287KB
Sample

241223-zld52s1kgm
MD5

59751fffd6560f57ecbd67b7fbed7e52
SHA1

781f9092cd8b3ad0cbf5fe2ab2b5405c1301d2af
SHA256

4e18efde9c5ac9f461d8dcf3f23337bc2add0fbdd528543942de05991f84abd9
SHA512

087e5c53b8032986952cc856fd05b344af365b5c370d3050e249fb6658d0a93e1262ea62835d52ab6337fd8489f577e1e9065cfbe3605896af840a133cc6f3a0
SSDEEP

6144:ZlbIHHMvGnATuTkzc0JF1Mz+pcttlCCrbPLATxVnmmR5mT0iF3uld5WUwvMvS5lk:ZxwMOnnIggF8+pMLjrLLANVnmmoUdMUB

Score

10^/10

gozi 3500 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3500

C2

gtr.antoinfer.com

f1.bablefiler.at

Attributes

build
250211
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  info.lnk
- Size
  
  1KB
- MD5
  
  af4691c6230c3309b730c154b03e0fe3
- SHA1
  
  7c3012f127d9bb783e13c070f3ca3a166677b32c
- SHA256
  
  8758fc876b298e2ee3e7ec19c26dd6a6c4acd8b3040a3f6c98030a94735c2119
- SHA512
  
  03c0adc89853c15d308738499d8a364b61fc142ffd795cfea056b636859cb603189b7a0fdf6081da78294a73fd5da48a68af2bbbf3df83f5a4de162bad0c999b
Score

10^/10

gozi 3500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  tjufus\vafix.dll
- Size
  
  472KB
- MD5
  
  181ad9edf1cc6305c42981c4b72a9992
- SHA1
  
  af7f549bb9f2bcc8676787bf24313be0f5bf1f9e
- SHA256
  
  d4a0d88681fb5af8c131b0d915a26143ae6c62bc2302deff076dfa9f5b9bd437
- SHA512
  
  db1a61f08827aef0d99212531fb9210d01129a96f8cc463bdd44c7dbcc3059828549bb25260c24b44c619eb3e50f9c573ddbf5a9dfbd2ba094cc75d620415f7c
- SSDEEP
  
  12288:g8T8E11FE68XEDkXZ9YG8nxu3/vkfzJtCcZR:111m/XvZv8m/cb5
Score

10^/10

gozi 3500 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3500bankerdiscoveryisfbtrojan

behavioral2

gozi3500bankerdiscoveryisfbtrojan

behavioral3

gozi3500bankerdiscoveryisfbtrojan

behavioral4

gozi3500bankerdiscoveryisfbtrojan