gozi

General

Target

2025-02-27_2d5e92d6c90ef3ec07d26b04c5a3a1fd_icedid_ramnit
Size

867KB
Sample

250227-hr4t8azrx3
MD5

2d5e92d6c90ef3ec07d26b04c5a3a1fd
SHA1

30c554d183c709b2701cc91b4527775abb33ab74
SHA256

d27cb7a2bf0aa4d7d49c68555084595f433897992b39a8b61f59b9056b74287b
SHA512

0953e2a402ea8b71708de4bd3df365de135bb7bcebcb5e53919acff4c88cd881b898a057eddac156f057560158057a65c4d051db955a0b1e915565d3a4588fa2
SSDEEP

12288:MASJCsqQtu95V4WUA+6dH1G0p+MU7bo24wmLsG/RgRQrUrF2ClG+pG/YR:MACeQO5V4WUA+6dHN+l9ZL5rF2igYR

Score

10^/10

Malware Config

Extracted

Family

gozi

Attributes

build
214131

Extracted

Family

gozi

Botnet

5020

C2

settings-win.data.microsoft.com

accrualdewd.xyz

Attributes

build
214131
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  2025-02-27_2d5e92d6c90ef3ec07d26b04c5a3a1fd_icedid_ramnit
- Size
  
  867KB
- MD5
  
  2d5e92d6c90ef3ec07d26b04c5a3a1fd
- SHA1
  
  30c554d183c709b2701cc91b4527775abb33ab74
- SHA256
  
  d27cb7a2bf0aa4d7d49c68555084595f433897992b39a8b61f59b9056b74287b
- SHA512
  
  0953e2a402ea8b71708de4bd3df365de135bb7bcebcb5e53919acff4c88cd881b898a057eddac156f057560158057a65c4d051db955a0b1e915565d3a4588fa2
- SSDEEP
  
  12288:MASJCsqQtu95V4WUA+6dH1G0p+MU7bo24wmLsG/RgRQrUrF2ClG+pG/YR:MACeQO5V4WUA+6dHN+l9ZL5rF2igYR
Score

10^/10

gozi ramnit 5020 banker discovery isfb spyware stealer trojan upx worm
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Ramnit family
  ramnit
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

Ramnit

Ramnit family

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2