General

  • Target

    acec7efbd3650edb74a55c344f222cfd.bin

  • Size

    5.3MB

  • Sample

    240301-c2964aba64

  • MD5

    acec7efbd3650edb74a55c344f222cfd

  • SHA1

    0396e865845cbeb56b70a862c1b8bc6a9fbcbd35

  • SHA256

    5e759b9c3b57325e98015bbad9895cd9e8bc3fa57f79ffd165c65538dc7108d1

  • SHA512

    f4b443e94511ad2815adebe16ec9420931fd805cc15a967eb48c600b6ef6e841afd85af1822419aa3ee3864e34cb52481951ad4c6a57c8b1faf4c0e7089db963

  • SSDEEP

    98304:TNQq+hyeXZP7ykTTCMy9ZITUuaSs1ykTTCMy9ZI:TNQq+hRpP7lTTCMy9Zszs1lTTCMy9Z

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
