Gozi

Gozi ISFB Ursnif banking trojan. RegSaveKeyA registry dump. NotifyBootConfigStatus boot persistence.

Threat Profile
Type: Botnet
Programming Language: C++
C2 Protocol: HTTP (RC4)
First Seen: 2007
Targets: European/Global Financial
Purpose / Capabilities
  • Banking Fraud/Form Grab
No C2 servers have been identified for this family yet.

Research Reports (3)

High

Gozi2 -- atw3.dll Short DLL, RegSaveKeyA Registry Dump, NotifyBootConfigStatus Boot Persistence | High

Gozi2 468KB atw3.dll short DLL. RegSaveKeyA registry file dump. NotifyBootConfigStatus Windows boot config API. SHEnumKeyExA shell key enumeration.

Critical

Gozi/Ursnif -- 467KB DLL, atw3.dll, 776 Strings, Heavy Packing, C2 Config | Critical

Gozi Ursnif 467KB DLL (atw3.dll). 776 strings, heavy packing. 252C2U2e2r2 C2 config.

High

Gozi/ISFB Banking Trojan -- atw3.dll Encrypted DLL, 776 Strings, High Packing | High

Gozi/ISFB banking trojan atw3.dll. 776 strings, high packing level. Web inject, keylog, and form grab capabilities.
