gozi | 70f0516575cb8fc5f70f0fc4d463db9db35a114518043410f1d03d5fdba46a0d | Triage

Submit
Reports

Overview

overview

Static

static

3

04d1aed5d8...18.exe

windows7-x64

04d1aed5d8...18.exe

windows10-2004-x64

Sharing

General

Target

04d1aed5d8791c7e4f7038ae63c1792c_JaffaCakes118
Size

520KB
Sample

240623-cdjz1aygkl
MD5

04d1aed5d8791c7e4f7038ae63c1792c
SHA1

4d9f359fa2ba9e47e825d32c7792c1b34be9d4b0
SHA256

70f0516575cb8fc5f70f0fc4d463db9db35a114518043410f1d03d5fdba46a0d
SHA512

1c180223a102e7deb530b1fb56cbfd39dae57453c328df8382728ccf6b7bfc4506b5176d190d23c93838b57a5988f663b17d72213c8b3215963353fbfcf56dee
SSDEEP

12288:bJ3Y9cNKkdhHSeFAEsbfu+Hvf9mn1WpNtTirdG:bdYKNKkGzbG+InkNTEdG

Score

10^/10

gozi banker bootkit isfb persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

04d1aed5d8791c7e4f7038ae63c1792c_JaffaCakes118.exe

Resource

win7-20240611-en

gozi banker bootkit isfb persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

04d1aed5d8791c7e4f7038ae63c1792c_JaffaCakes118.exe

Resource

win10v2004-20240611-en

gozi banker isfb trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  04d1aed5d8791c7e4f7038ae63c1792c_JaffaCakes118
- Size
  
  520KB
- MD5
  
  04d1aed5d8791c7e4f7038ae63c1792c
- SHA1
  
  4d9f359fa2ba9e47e825d32c7792c1b34be9d4b0
- SHA256
  
  70f0516575cb8fc5f70f0fc4d463db9db35a114518043410f1d03d5fdba46a0d
- SHA512
  
  1c180223a102e7deb530b1fb56cbfd39dae57453c328df8382728ccf6b7bfc4506b5176d190d23c93838b57a5988f663b17d72213c8b3215963353fbfcf56dee
- SSDEEP
  
  12288:bJ3Y9cNKkdhHSeFAEsbfu+Hvf9mn1WpNtTirdG:bdYKNKkGzbG+InkNTEdG
Score

10^/10

gozi banker bootkit isfb persistence trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerbootkitisfbpersistencetrojan

behavioral2

gozibankerisfbtrojan

© 2018-2024

Terms | Privacy