General

  • Target

    9adc313b64a286f9d056b7efabda5565e2f3d8010d5432975899af6bbe71a0ea.zip

  • Size

    137KB

  • Sample

    250326-zvwrfsvpv4

  • MD5

    6d0f871a33c202037c67a957c82bc6ba

  • SHA1

    bbdcbc8edfb8e5445e1644592d7d40da8e71c590

  • SHA256

    9adc313b64a286f9d056b7efabda5565e2f3d8010d5432975899af6bbe71a0ea

  • SHA512

    4e502d24dd8831044393087576170a03e20f0b5f1318939630137e0144d46fb3e2f4fa0ed947ac51e19b7d9dd9d893d9c702c84fbf2229e4a16ecb2c0a0f0a79

  • SSDEEP

    3072:HeaBdSKtLRDnsOlWMTSKv2f0dd7WAVkGuaS3mlOMRjBqW:fdptVDhQK/d7bkGuaS3mlpBqW

Malware Config

Extracted

Family

gozi

Botnet

3050

C2

c.s-microsoft.com

ajax.googleapis.com

groovcerl.xyz

Attributes

  • build

    250166

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

    107.174.86.134

    107.175.127.22

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain

    -----BEGIN PUBLIC KEY-----
    MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOBkY41WtGkEFhAL9QVXVCFkuo5u4nqt
    Ffl8H3moyDl14SkcNxXFFWmwIE8rTTz4HzgGAo3QHRV8h/f5HdttseUCAwEAAQ==
    -----END PUBLIC KEY-----

serpent.plain

    10291029JSJUYNHG

Extracted

Family

gozi

Targets

    • Target

      d7fafabbb381c34185ad30f0d5337ec8072d0705e0e9fb1d91e7358ed934fff3.exe

    • Size

      234KB

    • MD5

      c9d954b3f1c512e6804fd8f5637b58b6

    • SHA1

      b452040d8072117ddbe1adf9e1eab5e4bdb150bd

    • SHA256

      d7fafabbb381c34185ad30f0d5337ec8072d0705e0e9fb1d91e7358ed934fff3

    • SHA512

      a4e949017016c1cfaa9bdff664c8ee20b2a34fe78788de9a4338ae5ad9a8a2623ccafe6d4584ef4f6cb29bc05dbcb3a71cbcd4051560287fbe74fb5a5738c09b

    • SSDEEP

      6144:SCY2oo127AHBPr4CggrMbPMdsf5LLNBU94nzKE:SSD6w4bKsf5PUomE

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
