gozi | 9adc313b64a286f9d056b7efabda5565e2f3d8010d5432975899af6bbe71a0ea | Triage

Sharing

General

Target

9adc313b64a286f9d056b7efabda5565e2f3d8010d5432975899af6bbe71a0ea.zip
Size

137KB
Sample

250326-zl346svmz2
MD5

6d0f871a33c202037c67a957c82bc6ba
SHA1

bbdcbc8edfb8e5445e1644592d7d40da8e71c590
SHA256

9adc313b64a286f9d056b7efabda5565e2f3d8010d5432975899af6bbe71a0ea
SHA512

4e502d24dd8831044393087576170a03e20f0b5f1318939630137e0144d46fb3e2f4fa0ed947ac51e19b7d9dd9d893d9c702c84fbf2229e4a16ecb2c0a0f0a79
SSDEEP

3072:HeaBdSKtLRDnsOlWMTSKv2f0dd7WAVkGuaS3mlOMRjBqW:fdptVDhQK/d7bkGuaS3mlpBqW

Score

10^/10

gozi 3050 banker discovery isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3050

C2

c.s-microsoft.com

ajax.googleapis.com

groovcerl.xyz

Attributes

build
250166
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com

ru

org
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  d7fafabbb381c34185ad30f0d5337ec8072d0705e0e9fb1d91e7358ed934fff3.exe
- Size
  
  234KB
- MD5
  
  c9d954b3f1c512e6804fd8f5637b58b6
- SHA1
  
  b452040d8072117ddbe1adf9e1eab5e4bdb150bd
- SHA256
  
  d7fafabbb381c34185ad30f0d5337ec8072d0705e0e9fb1d91e7358ed934fff3
- SHA512
  
  a4e949017016c1cfaa9bdff664c8ee20b2a34fe78788de9a4338ae5ad9a8a2623ccafe6d4584ef4f6cb29bc05dbcb3a71cbcd4051560287fbe74fb5a5738c09b
- SSDEEP
  
  6144:SCY2oo127AHBPr4CggrMbPMdsf5LLNBU94nzKE:SSD6w4bKsf5PUomE
Score

10^/10

gozi 3050 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi3050bankerdiscoveryisfbtrojan

behavioral2

gozi3050bankerdiscoveryisfbtrojan