gozi

General

Target

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
Size

304KB
Sample

240624-k4glkavcje
MD5

9b6b559fa7c7bfddd6b6b98c4a297207
SHA1

9c718b58377404c8d1c38d08bd5a91591d58f4da
SHA256

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
SHA512

0a8ccc2aec2999ce7622837885817b9fc7e316174af331d33da9e8f6a654f212fdc05fe467fe7543e25540b02cfe5fee651c578eb6be9141571c9b110fd17f86
SSDEEP

6144:LtxDF4g+xZbJLrAR1bd3HozgsFrfsTZsy64x1V9ukYwTYQeB:JxDeg+9coHsTSy6Suvexe

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1001

C2

dialerrorbodyorig.org

cserhtmlordi.net

srcubusrctimeouthtml.info

stimeoutbodytimeout.biz

ubuhtmlerrorsubuntudial.info

ditimbodytimeout.com

origsolerhterrorhtml.org

srcerdialtimeout.biz

origstimeoutsoltimeout.biz

timeoutstims.com

diersrcerhtmlerhtml.com

htmlorditimeoutsrc.com

bodycsrcubuntu.org

origbotimeout.net

comhtorboubu.info

timeoutsordierhtmlubuntu.net

ubuntusrccom.com

ubuntudiubuntubo.org

dialcomsrcorig.org

orhtmlcbodyerrorhtml.net

Attributes

exe_type
worker
server_id
12

rsa_pubkey.plain

serpent.plain

Targets

- Target
  
  cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
- Size
  
  304KB
- MD5
  
  9b6b559fa7c7bfddd6b6b98c4a297207
- SHA1
  
  9c718b58377404c8d1c38d08bd5a91591d58f4da
- SHA256
  
  cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
- SHA512
  
  0a8ccc2aec2999ce7622837885817b9fc7e316174af331d33da9e8f6a654f212fdc05fe467fe7543e25540b02cfe5fee651c578eb6be9141571c9b110fd17f86
- SSDEEP
  
  6144:LtxDF4g+xZbJLrAR1bd3HozgsFrfsTZsy64x1V9ukYwTYQeB:JxDeg+9coHsTSy6Suvexe
Score

10^/10

gozi 1001 banker isfb trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2