gozi | 9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55 | Triage

Submit
Reports

Overview

overview

Static

static

1

9ff430ca0c...55.exe

windows7-x64

9ff430ca0c...55.exe

windows10-2004-x64

Sharing

General

Target

9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55
Size

8.9MB
Sample

250318-jjxavazrw2
MD5

29689832b64151b256c7a5952e29ce57
SHA1

0ad2ce251c6aa5d2d3a6798b3b9d6186c312b9c7
SHA256

9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55
SHA512

e4a42739826bccafc4186168061b8b2cc18bb7ba2fa29b7aab586a35e613703ff8b7159f9439aac31a819a6fb7d84e543b04f5c4273c1e8d8811695e576a0ff5
SSDEEP

196608:7DYkkqfPyOWe3ltFCNTr3tbYWFLg9Z3D7JkaPoq0fmrY1Er6K5gS:7DDkqyc1tgdtovzWagdmrY1tcgS

Score

10^/10

gozi banker discovery isfb trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55.exe

Resource

win7-20250207-en

gozi banker discovery isfb trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55.exe

Resource

win10v2004-20250314-en

gozi banker discovery isfb trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55
- Size
  
  8.9MB
- MD5
  
  29689832b64151b256c7a5952e29ce57
- SHA1
  
  0ad2ce251c6aa5d2d3a6798b3b9d6186c312b9c7
- SHA256
  
  9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55
- SHA512
  
  e4a42739826bccafc4186168061b8b2cc18bb7ba2fa29b7aab586a35e613703ff8b7159f9439aac31a819a6fb7d84e543b04f5c4273c1e8d8811695e576a0ff5
- SSDEEP
  
  196608:7DYkkqfPyOWe3ltFCNTr3tbYWFLg9Z3D7JkaPoq0fmrY1Er6K5gS:7DDkqyc1tgdtovzWagdmrY1tcgS
Score

10^/10

gozi banker discovery isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Suspicious use of NtSetInformationThreadHideFromDebugger
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozibankerdiscoveryisfbtrojanupx

behavioral2

gozibankerdiscoveryisfbtrojanupx

© 2018-2025

Terms | Privacy