gozi | 92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568 | Triage

Submit
Reports

Overview

overview

Static

static

3

92c1c42001...cs.exe

windows7-x64

92c1c42001...cs.exe

windows10-2004-x64

Sharing

General

Target

92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568_NeikiAnalytics.exe
Size

163KB
Sample

240622-m2pkhaygpr
MD5

b2397a0c15b927ffe22b52cefdec4760
SHA1

f795e6d4544efc8201691367be13268d9b071859
SHA256

92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568
SHA512

20a8e1bdec137dd7d70e1721ae0a41988ee3ad3da49558788303a45bfd33ffe467a962219dca0101fb5dcd50df3938b413352e33da4c5bccbda59f7095003820
SSDEEP

1536:P8iXV+Qco1rcDSdO/yslProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:flQnmdO/ysltOrWKDBr+yJb

Score

10^/10

gozi banker isfb persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568_NeikiAnalytics.exe

Resource

win7-20240419-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

gozi banker isfb persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568_NeikiAnalytics.exe
- Size
  
  163KB
- MD5
  
  b2397a0c15b927ffe22b52cefdec4760
- SHA1
  
  f795e6d4544efc8201691367be13268d9b071859
- SHA256
  
  92c1c420017c96ef6a4862420bb98fc3c305e5a66d8b8e13d5a88d250e006568
- SHA512
  
  20a8e1bdec137dd7d70e1721ae0a41988ee3ad3da49558788303a45bfd33ffe467a962219dca0101fb5dcd50df3938b413352e33da4c5bccbda59f7095003820
- SSDEEP
  
  1536:P8iXV+Qco1rcDSdO/yslProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:flQnmdO/ysltOrWKDBr+yJb
Score

10^/10

persistence gozi banker isfb trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

gozibankerisfbpersistencetrojan

© 2018-2024

Terms | Privacy