gozi | 34ad177800e89a94d27b7ea4f39cd805c2910fa6afcb835501567b59415af0ed | Triage

Submit
Reports

Overview

overview

Static

static

3

bd3f26523c...18.dll

windows7-x64

bd3f26523c...18.dll

windows10-2004-x64

Sharing

General

Target

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118
Size

541KB
Sample

240619-h5y6wswfnb
MD5

bd3f26523c5cad6fe9632bfd4f6449bc
SHA1

492f9c4bb1bba2f94b889e9de68e9a6b0289de41
SHA256

34ad177800e89a94d27b7ea4f39cd805c2910fa6afcb835501567b59415af0ed
SHA512

116b5bbf456ac0863cd787fe45b4bf9729d94aaffe2a4f05b150a85f66c04cfa2faf179ba0a8f5abd5358470831c05ded6663402adf9d5085c9631fd898f4587
SSDEEP

12288:VF75Cm31VCpGJfLnba3vpFs10bjZca/HhJL+7Jt:VF75R3He1fZca7L+7

Score

10^/10

gozi 7220 banker isfb trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118.dll

Resource

win7-20240611-en

gozi 7220 banker isfb trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118.dll

Resource

win10v2004-20240508-en

gozi 7220 banker isfb trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7220

C2

pop53334.yahoo.com

web.kundertviolas.com

Attributes

build
250154
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118
- Size
  
  541KB
- MD5
  
  bd3f26523c5cad6fe9632bfd4f6449bc
- SHA1
  
  492f9c4bb1bba2f94b889e9de68e9a6b0289de41
- SHA256
  
  34ad177800e89a94d27b7ea4f39cd805c2910fa6afcb835501567b59415af0ed
- SHA512
  
  116b5bbf456ac0863cd787fe45b4bf9729d94aaffe2a4f05b150a85f66c04cfa2faf179ba0a8f5abd5358470831c05ded6663402adf9d5085c9631fd898f4587
- SSDEEP
  
  12288:VF75Cm31VCpGJfLnba3vpFs10bjZca/HhJL+7Jt:VF75R3He1fZca7L+7
Score

10^/10

gozi 7220 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozi7220bankerisfbtrojan

behavioral2

gozi7220bankerisfbtrojan

© 2018-2024

Terms | Privacy