gozi

Resubmissions

20/02/2025, 15:48

250220-s8zlyayjdl 10

20/02/2025, 14:12

250220-rh9hsawmhw 10

26/10/2022, 23:52

221026-3wxa6aaag3 10

Sharing

Copy URL

Twitter E-mail

General

Target

026fd6ab8b5f12d1ae0795f7ad79b05a7ca1dc83e996cb7ee37f1b417d66de44
Size

302KB
Sample

250220-rh9hsawmhw
MD5

f870c0d62691fc39194922e4a59fdc1c
SHA1

69369a1aa35592ca4eede5179060f2c58e9bae6e
SHA256

026fd6ab8b5f12d1ae0795f7ad79b05a7ca1dc83e996cb7ee37f1b417d66de44
SHA512

92a452a2f63e9e214f98d14fcee1dd8f8c55b94ce90ed541986af08117f09779e159f76ae043ab6be4c49d254e4846448b632e0f33fcafb0be362a90a1a934ae
SSDEEP

6144:qTBSsdUvHN91B8LdCCoVupEo5KdEBaxRxnxXOWFi2HAwsih5:oUJvHNnBGdpOupzEdEByxW2g

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1010

sys.cwthecw.com/bcms/assets/img

sys.whyblacklivesmatter.org/bcms/assets/img

sys.mohitsagarmusic.com/bcms/assets/img

lansystemstat.com/bcms/assets/img

highnetwork.pw/bcms/assets/img

lostnetwork.in/bcms/assets/img

sysconnections.net/bcms/assets/img

lansupports.com/bcms/assets/img

Attributes

exe_type
worker
server_id
35

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  026fd6ab8b5f12d1ae0795f7ad79b05a7ca1dc83e996cb7ee37f1b417d66de44
- Size
  
  302KB
- MD5
  
  f870c0d62691fc39194922e4a59fdc1c
- SHA1
  
  69369a1aa35592ca4eede5179060f2c58e9bae6e
- SHA256
  
  026fd6ab8b5f12d1ae0795f7ad79b05a7ca1dc83e996cb7ee37f1b417d66de44
- SHA512
  
  92a452a2f63e9e214f98d14fcee1dd8f8c55b94ce90ed541986af08117f09779e159f76ae043ab6be4c49d254e4846448b632e0f33fcafb0be362a90a1a934ae
- SSDEEP
  
  6144:qTBSsdUvHN91B8LdCCoVupEo5KdEBaxRxnxXOWFi2HAwsih5:oUJvHNnBGdpOupzEdEByxW2g
Score

10^/10

gozi 1010 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2