General

  • Target

    affc38c8bc3b6df8feb6096344bcff01

  • Size

    5.3MB

  • Sample

    240301-byeqcaaa37

  • MD5

    affc38c8bc3b6df8feb6096344bcff01

  • SHA1

    5edb82a687a98c984ef7b2556b05444defed82be

  • SHA256

    c07e71e9fea9d7a0d34a74a3250ba00ae2638e8653a2c30b06fa9f3f2463462e

  • SHA512

    78baf632aded8c8fd7e2ab81a20db79e1789b9902503c48985002bdbbb1c39e59346cafb213e205501e0dfa923bd13577bde31b7386299c31902bb59d03ae681

  • SSDEEP

    98304:po3IG6Q03XT0o78SCGtymA/rnCEs/cKQjRzUo12wnzSCGtymA/rnCEsf:wuT0o2GtyB/rnCeKaRz+wnXGtyB/rnCN

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      affc38c8bc3b6df8feb6096344bcff01

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks