gozi | 995cd97c17a116a53f0a9cfce21d3744d16e5734d1ab7dc0abfb973823d47900 | Triage

Sharing

General

Target

JaffaCakes118_995cd97c17a116a53f0a9cfce21d3744d16e5734d1ab7dc0abfb973823d47900
Size

183KB
Sample

241225-p1gjlstjev
MD5

e1b7ecca7a455a3bc7dc51129b8d1ce5
SHA1

43771e043098c4b05a6c58fda8fe74082af1c6f9
SHA256

995cd97c17a116a53f0a9cfce21d3744d16e5734d1ab7dc0abfb973823d47900
SHA512

3e45d80e1a08bb65f07fc80dc4fe516f7546c29959a0517c3d1885a786f4c3e2a906aa1ba114b65d15fa67cb6dab2271a018190bd43ec9c9aefecd600665f4bf
SSDEEP

3072:aNfsLjnM8uQS9dH6M4sAdVNOj4xwMxOGJ+A+mWeAIAZHhDgOPpASBjJbWcASoN:7BuQ8l4siVNYJGNUZHDAGNCcASy

Score

10^/10

gozi 7618 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7618

C2

cloudlines.top

linkspremium.ru

premiumlists.ru

Attributes

base_path
/drew/
build
250225
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  d61ee5e7b17684983ea9049f719beb05978a813638f53f7625e970bae1c2abd7
- Size
  
  370KB
- MD5
  
  0179f7b0bd61f06d3705812e50583b20
- SHA1
  
  c640e2e26b783093c8b1d418af11f468c828458f
- SHA256
  
  d61ee5e7b17684983ea9049f719beb05978a813638f53f7625e970bae1c2abd7
- SHA512
  
  d00906234a788e2237d3debe3a7d9cd9f65cfa1c8b189e9f9f7cfda8f174257e2683f1b94e6667af2d4160f3aa7ebe393de299ce6d9ec3c7b817bc195985df6e
- SSDEEP
  
  6144:dtukWLu3M+uqn3F6vPNZAdSEJayJjVSSfz2y/huNT+:bWLuc+uKCqdSEJPNVSSP58T
Score

10^/10

gozi 7618 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi7618bankerdiscoveryisfbtrojan

behavioral2

gozi7618bankerdiscoveryisfbtrojan