gozi | dd5283c0cf2af868ba78c25fa48115246737ae5cd36d21fff95d03a96a1fc456 | Triage

Sharing

General

Target

JaffaCakes118_dd5283c0cf2af868ba78c25fa48115246737ae5cd36d21fff95d03a96a1fc456
Size

368KB
Sample

241224-sg67pszqfq
MD5

37e853f4bb7a201d84da82a20fb322d5
SHA1

94de3379728b8bea474d492a50a144b2717d69a1
SHA256

dd5283c0cf2af868ba78c25fa48115246737ae5cd36d21fff95d03a96a1fc456
SHA512

8558c9f65df5429305673c20537878ceeeb080d1c5995270abf307c773f20d14950fdd7c7ed1757833c4ee5ca71221e4cf59c0d8d98ccf43984d942a0cbc08fa
SSDEEP

6144:4pW5yM4eF6MOl7SfFPFY0Hi1PkZkWM6gD2X4sCC8rJpDRjM:4Q5yB78fFPTHi1Pku6gSIsC3FvM

Score

10^/10

gozi 8877 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

8877

C2

outlook.com

lureborufer.store

dureborufer.store

Attributes

base_path
/lucene/
build
250212
dga_season
10
exe_type
loader
extension
.keq
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  JaffaCakes118_dd5283c0cf2af868ba78c25fa48115246737ae5cd36d21fff95d03a96a1fc456
- Size
  
  368KB
- MD5
  
  37e853f4bb7a201d84da82a20fb322d5
- SHA1
  
  94de3379728b8bea474d492a50a144b2717d69a1
- SHA256
  
  dd5283c0cf2af868ba78c25fa48115246737ae5cd36d21fff95d03a96a1fc456
- SHA512
  
  8558c9f65df5429305673c20537878ceeeb080d1c5995270abf307c773f20d14950fdd7c7ed1757833c4ee5ca71221e4cf59c0d8d98ccf43984d942a0cbc08fa
- SSDEEP
  
  6144:4pW5yM4eF6MOl7SfFPFY0Hi1PkZkWM6gD2X4sCC8rJpDRjM:4Q5yB78fFPTHi1Pku6gSIsC3FvM
Score

10^/10

gozi 8877 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi8877bankerdiscoveryisfbtrojan

behavioral2

gozi8877bankerdiscoveryisfbtrojan