gozi | 4743dff7bf5c1aa61b45c2bb674f666c2a02afd2f55112f2e91ef3a86285a628 | Triage

Submit
Reports

Overview

overview

Static

static

3

a06da98b18...18.exe

windows7-x64

a06da98b18...18.exe

windows10-2004-x64

Sharing

General

Target

a06da98b18ab1ba7e28d26918994da08_JaffaCakes118
Size

242KB
Sample

240612-m5zvmssclc
MD5

a06da98b18ab1ba7e28d26918994da08
SHA1

e6c588621bb57f96e37279ca52d11e480bd45eac
SHA256

4743dff7bf5c1aa61b45c2bb674f666c2a02afd2f55112f2e91ef3a86285a628
SHA512

95ff093583f346754a78027cc4f20c91f2bda467ae0e05d1c7c3ca609a519202cbb8afb69321a369812f48b7f3458e94567b11b70d3db174865e1c695511ffb1
SSDEEP

3072:73DuNsgrBDc1ahPzHykLXX2OQFL9W3aeeFUtxu77euFruksbEF3fpPf+XKFD8T5V:7362grvzSkLHx3eF6xu7T+Ebfqv1V

Score

10^/10

gozi banker isfb trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a06da98b18ab1ba7e28d26918994da08_JaffaCakes118.exe

Resource

win7-20240508-en

gozi banker isfb trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a06da98b18ab1ba7e28d26918994da08_JaffaCakes118.exe

Resource

win10v2004-20240508-en

gozi banker isfb trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  a06da98b18ab1ba7e28d26918994da08_JaffaCakes118
- Size
  
  242KB
- MD5
  
  a06da98b18ab1ba7e28d26918994da08
- SHA1
  
  e6c588621bb57f96e37279ca52d11e480bd45eac
- SHA256
  
  4743dff7bf5c1aa61b45c2bb674f666c2a02afd2f55112f2e91ef3a86285a628
- SHA512
  
  95ff093583f346754a78027cc4f20c91f2bda467ae0e05d1c7c3ca609a519202cbb8afb69321a369812f48b7f3458e94567b11b70d3db174865e1c695511ffb1
- SSDEEP
  
  3072:73DuNsgrBDc1ahPzHykLXX2OQFL9W3aeeFUtxu77euFruksbEF3fpPf+XKFD8T5V:7362grvzSkLHx3eF6xu7T+Ebfqv1V
Score

10^/10

gozi banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

gozibankerisfbtrojan

behavioral2

gozibankerisfbtrojan

© 2018-2024

Terms | Privacy