Gozi
Gozi ISFB Ursnif banking trojan. RegSaveKeyA registry dump. NotifyBootConfigStatus boot persistence.
Threat Profile
Type: Botnet
Programming Language: C++
C2 Protocol: HTTP (RC4)
First Seen: 2007
Targets: European/Global Financial
Purpose / Capabilities
- Banking Fraud/Form Grab
No C2 servers have been identified for this family yet.
Research Reports (3)
Gozi2 -- atw3.dll Short DLL, RegSaveKeyA Registry Dump, NotifyBootConfigStatus Boot Persistence | High
Gozi2 468KB atw3.dll short DLL. RegSaveKeyA registry dump to file. NotifyBootConfigStatus Windows boot config API. SHEnumKeyExA shell key enumeration.
Gozi/Ursnif -- 467KB DLL, atw3.dll, 776 Strings, Heavy Packing, C2 Config | Critical
Gozi Ursnif 467KB DLL (atw3.dll). 776 strings, heavy packing. 252C2U2e2r2 C2 config.
Gozi/ISFB Banking Trojan — atw3.dll Encrypted DLL, 776 Strings, High Packing | High
Gozi/ISFB banking trojan atw3.dll. 776 strings, high packing level. Web inject, keylog and form grab capabilities.