General

  • Target

    af7a57542e8d95faf0b2c66908a85d73

  • Size

    2.7MB

  • Sample

    240229-zz3qkadb23

  • MD5

    af7a57542e8d95faf0b2c66908a85d73

  • SHA1

    d6a46a614653c7efd9cb54bae4c5d8fa3a4de1d0

  • SHA256

    39f1780cc5a0f834644c7704223c88e0a114535eeb1995697fd5168acaf06c9f

  • SHA512

    48ce6980ae463e0b65ed8ccfcc425af3f915a0e7d2df406604bbddc48de55edb5db178ce85b0fd7fb92d43bb1ec5a706894043509cd216e75b74c2acc16d75b7

  • SSDEEP

    49152:wLF37dzPY1NWAdmwR9ktBc1+Q4YdxSChG38bDUggR9t:wLFpPu7d9HktBcwQDM2YIDULHt

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks