General

  • Target: Test_build.zip
  • Size: 8KB
  • Sample: 240301-px14vagb3y
  • MD5: a31444f186338abac1a3e29c4d054e56
  • SHA1: 9a325e8dc7f74d48f6716be3acecd9ce52cd5258
  • SHA256: e1344f0a42033fea7eb7b506a0cd33b74c6a83f86211da208c0c996d82546d9b
  • SHA512: be7d6967bfbf80984d7de7896a8dd728c63daa1c0b77d529f46c3d5fd765b159c55a413100639fabeaca226456ff45a4cd47448740626064f393bb672420492b
  • SSDEEP: 192:kwTdZMa0p+gQmtHZZRP+rqQJhN4cGelKApR6MDg2Rk9YkKAFc2:kwTJ0wgTZZRP+pJhN4pelKgHhuKAFc2

Score
10/10

Malware Config

Extracted

Family: gozi

Targets

    • Target: Test.exe
    • Size: 11KB
    • MD5: 5316f94f8fffd08c5310cb0f6846218d
    • SHA1: 2f9638c6c3a4effe1c20607e8ebede6d02a4200a
    • SHA256: f0ae556ffd859de70b76b7b78f115dd4088b401ccf65e68b19e701893ec3e540
    • SHA512: 8e04564f2c654d5c7ae5626c7fe274c82353eec7214ee3a29eae09d14cfee8015a882fae5a05dc5dbeddde714ab9d577ad0279218ce115f705f219ffc6e8a632
    • SSDEEP: 192:5S8JjCBhb3B0xo/+54+tl1PSLqe9psG0UmXwsq2WU81I6hhMH:5SOS5B0xp57lcLqeTsFX5q2WVW6g

    Score
    10/10
    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15