gozi | 1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f | Triage

Submit
Reports

Overview

overview

Static

static

1f26e5f9b4...18.exe

windows7-x64

1f26e5f9b4...18.exe

windows10-2004-x64

7

Sharing

General

Target

1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118
Size

416KB
Sample

240702-njg85stfrr
MD5

1f26e5f9b44c28b37b6cd13283838366
SHA1

272b94c4d1d30dc9478675dd3df4a38029c1113e
SHA256

1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f
SHA512

3d3d10eb33006de70ffa36a5999b9d6ac2eafdff0a27c313542b34cffdbb8b736b5573ce21bd9778ddd0a825c7a807c64e15bd9d284fa80b316464505267936c
SSDEEP

6144:N4IB2aqIOEzOFtXs0ncp2sRAztOf7Yp4jOa9UpU:TBQIsFtXlc4w

Score

10^/10

gozi banker isfb persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118.exe

Resource

win7-20240611-en

gozi banker isfb persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  1f26e5f9b44c28b37b6cd13283838366_JaffaCakes118
- Size
  
  416KB
- MD5
  
  1f26e5f9b44c28b37b6cd13283838366
- SHA1
  
  272b94c4d1d30dc9478675dd3df4a38029c1113e
- SHA256
  
  1225de9af9f6b29985e9304fa1056b8c7da036215a5e054c0ff6d7129c91a59f
- SHA512
  
  3d3d10eb33006de70ffa36a5999b9d6ac2eafdff0a27c313542b34cffdbb8b736b5573ce21bd9778ddd0a825c7a807c64e15bd9d284fa80b316464505267936c
- SSDEEP
  
  6144:N4IB2aqIOEzOFtXs0ncp2sRAztOf7Yp4jOa9UpU:TBQIsFtXlc4w
Score

10^/10

gozi banker isfb persistence trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Server Software Component: Terminal Services DLL
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozibankerisfbpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy