gozi | 4415a9a8e6071a903331cd134bbf86794a98b2ba29dfa12e80445999eb7a90dc | Triage

Sharing

General

Target

JaffaCakes118_4415a9a8e6071a903331cd134bbf86794a98b2ba29dfa12e80445999eb7a90dc
Size

507KB
Sample

241225-sfdh1awkgy
MD5

d2b95bdd52fb84ba0b8d1847d8599efa
SHA1

9c800f5efd47afd1b74a4adb53abe0e42f88e968
SHA256

4415a9a8e6071a903331cd134bbf86794a98b2ba29dfa12e80445999eb7a90dc
SHA512

16e2f7bcbcfe3f60a726795195afd2a7153b0003d62ed8d68fb11ff1fc87dfcb35c752865f1eec6702d7d1d90bf433f3f3e8b42304470ef8ec77609acdab6651
SSDEEP

12288:213jxeTWKBZejxO/hdSH03bdwctET1nDNE40zX4vQ:AteTJBc43bdx+xR0q

Score

10^/10

gozi 6100 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

6100

C2

authd.feronok.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  JaffaCakes118_4415a9a8e6071a903331cd134bbf86794a98b2ba29dfa12e80445999eb7a90dc
- Size
  
  507KB
- MD5
  
  d2b95bdd52fb84ba0b8d1847d8599efa
- SHA1
  
  9c800f5efd47afd1b74a4adb53abe0e42f88e968
- SHA256
  
  4415a9a8e6071a903331cd134bbf86794a98b2ba29dfa12e80445999eb7a90dc
- SHA512
  
  16e2f7bcbcfe3f60a726795195afd2a7153b0003d62ed8d68fb11ff1fc87dfcb35c752865f1eec6702d7d1d90bf433f3f3e8b42304470ef8ec77609acdab6651
- SSDEEP
  
  12288:213jxeTWKBZejxO/hdSH03bdwctET1nDNE40zX4vQ:AteTJBc43bdx+xR0q
Score

10^/10

gozi 6100 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi6100bankerdiscoveryisfbtrojan

behavioral2

gozi6100bankerdiscoveryisfbtrojan