gozi | 323601b883c4efcdfedf91176a6cd3aa74bb1f74430ccaf74ffb7712862bd1f0 | Triage

Submit
Reports

Overview

overview

Static

static

3

b8299962f9...18.exe

windows7-x64

b8299962f9...18.exe

windows10-2004-x64

Sharing

General

Target

b8299962f91574e5e55df6b185ca1863_JaffaCakes118
Size

435KB
Sample

240617-ml8cnsxajd
MD5

b8299962f91574e5e55df6b185ca1863
SHA1

183cf913b5e49a6afafc9f8fa64b13dd43694ad3
SHA256

323601b883c4efcdfedf91176a6cd3aa74bb1f74430ccaf74ffb7712862bd1f0
SHA512

67acec1a142453d99c2b1b13a5fd252b91cd9de3f991fc729a4284712a68af25b9bec5e1a18a03c9118c1f06b2dbee649dfd7e962b7a0e8fab64c4370f77b2bf
SSDEEP

6144:Jas7AFNN4R0Nt4Ca3ge9bZk4tqT+Gh1oHZNCtKtrOm4su4aNZhzD9F:N7AFNN4+Nt4r59tkhPwntrO4a79BF

Score

10^/10

gozi 3533 banker isfb trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe

Resource

win7-20240611-en

gozi 3533 banker isfb trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b8299962f91574e5e55df6b185ca1863_JaffaCakes118.exe

Resource

win10v2004-20240611-en

gozi 3533 banker isfb trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Attributes

build
214107

Extracted

Family

gozi

Botnet

3533

C2

gmail.com

google.com

s82dortha27r.top

qcnick5990.top

sd6eb.com

Attributes

build
214107
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  b8299962f91574e5e55df6b185ca1863_JaffaCakes118
- Size
  
  435KB
- MD5
  
  b8299962f91574e5e55df6b185ca1863
- SHA1
  
  183cf913b5e49a6afafc9f8fa64b13dd43694ad3
- SHA256
  
  323601b883c4efcdfedf91176a6cd3aa74bb1f74430ccaf74ffb7712862bd1f0
- SHA512
  
  67acec1a142453d99c2b1b13a5fd252b91cd9de3f991fc729a4284712a68af25b9bec5e1a18a03c9118c1f06b2dbee649dfd7e962b7a0e8fab64c4370f77b2bf
- SSDEEP
  
  6144:Jas7AFNN4R0Nt4Ca3ge9bZk4tqT+Gh1oHZNCtKtrOm4su4aNZhzD9F:N7AFNN4+Nt4r59tkhPwntrO4a79BF
Score

10^/10

gozi 3533 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi3533bankerisfbtrojan

behavioral2

gozi3533bankerisfbtrojan

© 2018-2024

Terms | Privacy