gozi | 2d8c8592bd206db746fe4eb282c0f2c7c00b9f8aa67f0ce9b75a92b7bfa94948 | Triage

Sharing

General

Target

2d8c8592bd206db746fe4eb282c0f2c7c00b9f8aa67f0ce9b75a92b7bfa94948.exe
Size

626KB
Sample

241226-wvhytatndz
MD5

64a4e61522e55ed5d601801d73c450bb
SHA1

bbbdf4e59ad677130f1f8355078ec52ae4dc70e0
SHA256

2d8c8592bd206db746fe4eb282c0f2c7c00b9f8aa67f0ce9b75a92b7bfa94948
SHA512

337bda514ca2f4688020a6c3f051a7628fd21d2a3416185c05df61aed95c4259a7cb05c503823f137ece70f52d6fcf7ab35d63b2a1714b305b225b79659e25c6
SSDEEP

12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZO:+w1lEKOpuYxiwkkgjAN8ZO

Score

10^/10

gozi 999 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999

C2

config.edge.skype.com

146.70.35.138

146.70.35.142

Attributes

base_path
/phpadmin/
build
250227
exe_type
loader
extension
.src
server_id
50

rsa_pubkey.plain

aes.plain

Targets

- Target
  
  2d8c8592bd206db746fe4eb282c0f2c7c00b9f8aa67f0ce9b75a92b7bfa94948.exe
- Size
  
  626KB
- MD5
  
  64a4e61522e55ed5d601801d73c450bb
- SHA1
  
  bbbdf4e59ad677130f1f8355078ec52ae4dc70e0
- SHA256
  
  2d8c8592bd206db746fe4eb282c0f2c7c00b9f8aa67f0ce9b75a92b7bfa94948
- SHA512
  
  337bda514ca2f4688020a6c3f051a7628fd21d2a3416185c05df61aed95c4259a7cb05c503823f137ece70f52d6fcf7ab35d63b2a1714b305b225b79659e25c6
- SSDEEP
  
  12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZO:+w1lEKOpuYxiwkkgjAN8ZO
Score

10^/10

gozi 999 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi999bankerdiscoveryisfbtrojan

behavioral2

gozi999bankerdiscoveryisfbtrojan