gozi | d3ef69ffead7812c90f06fb74c7a333cc274fbdaf228eafd72095b3d08feabe0

Analysis

max time kernel
320s
max time network
412s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 14:51

Target

d3ef69ffead7812c90f06fb74c7a333cc274fbdaf228eafd72095b3d08feabe0.exe
Size

1.5MB
MD5

63d0cb0f58071810632b53891e690e7c
SHA1

34ce658bac3d45f495bb32d8f2a8dbc5f1359a51
SHA256

d3ef69ffead7812c90f06fb74c7a333cc274fbdaf228eafd72095b3d08feabe0
SHA512

e273924761e610e0a7c612e16c07a99e9f8150dc6f5dfb2bed6ba56c2b3c2c7338f575c3974a2e3c69f0ae1158c6b6d619ddc8deb11b7d7b72f1112db7e25a9b
SSDEEP

24576:38VF19quLJgutHQtwg4kgoLc0KP2VX0Mxl4hxZUtSbTa3ndy+tPs:38T19CutHQtR9LLg2XXxl4hx2ti+bVs

Score

10^/10

Family

gozi

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/5096-132-0x0000000000F60000-0x0000000001278000-memory.dmp	upx
behavioral2/memory/5096-133-0x0000000000F60000-0x0000000001278000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\d3ef69ffead7812c90f06fb74c7a333cc274fbdaf228eafd72095b3d08feabe0.exe
"C:\Users\Admin\AppData\Local\Temp\d3ef69ffead7812c90f06fb74c7a333cc274fbdaf228eafd72095b3d08feabe0.exe"
1⤵
PID:5096

memory/5096-132-0x0000000000F60000-0x0000000001278000-memory.dmp

Filesize
3.1MB

Download
memory/5096-133-0x0000000000F60000-0x0000000001278000-memory.dmp

Filesize
3.1MB

Download