General

  • Target

    VirusShare_23a14d08db5657d26e7ae10956f7b68a

  • Size

    561KB

  • Sample

    240610-1crkfs1hnn

  • MD5

    23a14d08db5657d26e7ae10956f7b68a

  • SHA1

    5e86a634097d462b313f48de8b925c6c2d05ebde

  • SHA256

    a4335506219e4228ebd3d4b63f766352a5bdaef80d7a0c26a17bfd3f8d8a0416

  • SHA512

    68c2073c2cbb0cffdfbe8c296175cdf678ca838dfb36a344d7a6754f28c52db013c77fe90e36a746cd8f1646422f5d5524f8911c85f44ed0ec7827d00281c799

  • SSDEEP

    12288:TvVCMTiZ8xpz55ELYTyWaXqrFPCV33Uoe0cq3axfZROkDAG:DVNTk8Xz55ELIAqr1g3kEcqGfHCG

Malware Config

Extracted

Family

gozi

Botnet

3002

Attributes
  • exe_type

    worker

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      VirusShare_23a14d08db5657d26e7ae10956f7b68a

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
