gozi

General

Target

45d3c7d1fb1ea66a66cd2895c30e8df398cf561314e1bcac2c429dc273817154
Size

351KB
Sample

250227-1r2c7s1ly6
MD5

a47ee973940ba634ced04939b927e556
SHA1

31f361613a56e26ad3636cef4b51827e54df3c1d
SHA256

45d3c7d1fb1ea66a66cd2895c30e8df398cf561314e1bcac2c429dc273817154
SHA512

8f3e78b45d548b23a889a230062bbfd0e692f3b0eab341954d4a1a86432ff8768b0af14f0005280452d0837756ae628d46fe7ef4983dfc6dc6b464752f73010b
SSDEEP

6144:ViceR0zXvZss0DYWQ9km7LWMCuMeGbfUTpYDDmu/+3fbZ:nzXvZ7p9hLWMCmG+pG/YZ

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214131

Extracted

Family

gozi

Botnet

8585

C2

mcc.avast.com

securezza.at

Attributes

build
214131
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  45d3c7d1fb1ea66a66cd2895c30e8df398cf561314e1bcac2c429dc273817154
- Size
  
  351KB
- MD5
  
  a47ee973940ba634ced04939b927e556
- SHA1
  
  31f361613a56e26ad3636cef4b51827e54df3c1d
- SHA256
  
  45d3c7d1fb1ea66a66cd2895c30e8df398cf561314e1bcac2c429dc273817154
- SHA512
  
  8f3e78b45d548b23a889a230062bbfd0e692f3b0eab341954d4a1a86432ff8768b0af14f0005280452d0837756ae628d46fe7ef4983dfc6dc6b464752f73010b
- SSDEEP
  
  6144:ViceR0zXvZss0DYWQ9km7LWMCuMeGbfUTpYDDmu/+3fbZ:nzXvZ7p9hLWMCmG+pG/YZ
Score

10^/10

gozi ramnit 8585 banker discovery isfb spyware stealer trojan upx worm
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2