gozi | 2a64d3c1b9a873379dab9ef3c4a4236529940d2a3d8182126cdcfaba6ad72fb3 | Triage

Submit
Reports

Overview

overview

Static

static

3

19cf0f1a01...18.exe

windows7-x64

19cf0f1a01...18.exe

windows10-2004-x64

Sharing

General

Target

19cf0f1a01aa4b001c0baf172952b363_JaffaCakes118
Size

2.0MB
Sample

240628-mnjr4axenq
MD5

19cf0f1a01aa4b001c0baf172952b363
SHA1

2806a09099abe39de1b68a9c66a28bb9ff971e5e
SHA256

2a64d3c1b9a873379dab9ef3c4a4236529940d2a3d8182126cdcfaba6ad72fb3
SHA512

c5646551ecdf5ccb84e9017c8a8aa090ff0ec2fff106c398240f012bd442909b0b6b0986dd54b632102ccf198885bcf354ecdf441e108c04f8b404140e04da49
SSDEEP

49152:/yVkwXM83xZ8ML430uyS/BuoZj/s+4CW3/scFE:/yVxXJx40uXpS3Ux

Score

10^/10

gozi banker isfb trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19cf0f1a01aa4b001c0baf172952b363_JaffaCakes118.exe

Resource

win7-20240508-en

gozi banker isfb trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

19cf0f1a01aa4b001c0baf172952b363_JaffaCakes118.exe

Resource

win10v2004-20240611-en

gozi banker isfb trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  19cf0f1a01aa4b001c0baf172952b363_JaffaCakes118
- Size
  
  2.0MB
- MD5
  
  19cf0f1a01aa4b001c0baf172952b363
- SHA1
  
  2806a09099abe39de1b68a9c66a28bb9ff971e5e
- SHA256
  
  2a64d3c1b9a873379dab9ef3c4a4236529940d2a3d8182126cdcfaba6ad72fb3
- SHA512
  
  c5646551ecdf5ccb84e9017c8a8aa090ff0ec2fff106c398240f012bd442909b0b6b0986dd54b632102ccf198885bcf354ecdf441e108c04f8b404140e04da49
- SSDEEP
  
  49152:/yVkwXM83xZ8ML430uyS/BuoZj/s+4CW3/scFE:/yVxXJx40uXpS3Ux
Score

10^/10

gozi banker isfb trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbtrojanupx

behavioral2

gozibankerisfbtrojanupx

© 2018-2024

Terms | Privacy