gozi

General

Target

f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537.zip
Size

72KB
Sample

250327-ym6q1szjs2
MD5

e35d09e6a523804d94247ec5046f0924
SHA1

5b3fde4fc5c02b5465617fee162a2b04d955c78f
SHA256

f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537
SHA512

9041894343bba35301698ae3a81311a04e1d9575a2e35a717f904522d6715b52415a608af4d440a93d7618a9af8f5e99f37ff049c1f0ee86e1fdef4ddf2ac4cd
SSDEEP

1536:htiGyk+5B5T1QwnkxDNjIKfRd4m49P12JQ7r6SYWgHjYSPgDBgVfD:ht/lkB1teNjx6bP10bygHjZVV7

Score

10^/10

Malware Config

Extracted

Family

gozi

Botnet

7242

C2

web.vortex.data.microsoft.com

ocsp.sca1b.amazontrust.com

settingsline.com

Attributes

build
250162
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Extracted

Family

gozi

Targets

- Target
  
  07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.exe
- Size
  
  119KB
- MD5
  
  c8392d93a1f064a53abb61887cad409b
- SHA1
  
  20c77abcc1e3904bf337af924200d63aaa012b1b
- SHA256
  
  07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2
- SHA512
  
  1b677b00d7db9266a9c05f653e3dcbacd6a9ff29fa84ffcc64775b1e200618b73ca142de333116194e2937bebcd9a7008fd2112fb615cfac459c2973bcb625a8
- SSDEEP
  
  3072:3VtPSsu5yds0ZCzsRqojgfwE3DCW/5z5TCXq:lUT5yd3ZCXfIQR95Tf
Score

10^/10

gozi 7242 banker discovery isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Gozi family
  gozi
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Gozi family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2