gozi | a1646445dcc3e9e61bc3e057c2da3f05fa329cbf493cbc64f378f5513dc53536 | Triage

Sharing

General

Target

JaffaCakes118_a1646445dcc3e9e61bc3e057c2da3f05fa329cbf493cbc64f378f5513dc53536
Size

162KB
Sample

241225-bqz2basrhy
MD5

2bb310d03974bdddfd48cc9c85c0aa0d
SHA1

ad73a25c7bc77668a55a6ca8b9e53a33e9858f9a
SHA256

a1646445dcc3e9e61bc3e057c2da3f05fa329cbf493cbc64f378f5513dc53536
SHA512

edb173fcaef95cf42267151788e4e3076e4f588e2fffead0ca22b9057f6dcbf15a230ef8e0fd95c53869e93ffe7f544ac2b71227df75718dc7a828b8be106b70
SSDEEP

3072:EeETfO/YHuTuccAkkn5RkD3E98fbrt6umzkvCJ4PtJq7Z4hSTMnlAJVFN8:b8Gwy2DUDG308PoumqCwtIZnVFK

Score

10^/10

gozi 7621 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7621

C2

forumlines.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  af01d12df06f34e81f3772a1b661eef4f9086a73d953ea1c92a8408c4efa2e77
- Size
  
  293KB
- MD5
  
  8c79a57ed866e5382f054567bb4dcd6a
- SHA1
  
  a3418e0724691c5d103238004f8ed546d560e5c4
- SHA256
  
  af01d12df06f34e81f3772a1b661eef4f9086a73d953ea1c92a8408c4efa2e77
- SHA512
  
  49eb95f1748854a3dc846f35df02ed2dbff64b29732bd248f91bbb693256ad3ff9eb5a41b07eca789982392152ff6535a0e33f06646683eb8c182f77191d4c80
- SSDEEP
  
  6144:1lJBbCGiQedkMGM37T2iG+wBvAKLVqbNqb2:zbDidyMGs7w+w5jLVqZ
Score

10^/10

gozi 7621 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi7621bankerdiscoveryisfbtrojan

behavioral2

gozi7621bankerdiscoveryisfbtrojan