General

  • Target

    spoofer_FUD_no_rat_ud_methode.exe

  • Size

    12KB

  • Sample

    240303-db99vabg9x

  • MD5

    bdcee724628c5c04f401b26429a06b08

  • SHA1

    319702d9ebaa92c2f75277c3307898a2043b2425

  • SHA256

    dff6882f7fe9414df2dbc785e62bfd701946ab80fe2bcd3942b914fd5c2b31b4

  • SHA512

    769d5ebdf8683a35a5960dfb5b1a9347e999c4d93e1f8581a9b0a58750af3304c96be6af50e455c11a185f54fd3d03f7346d6afc01cadf39f42f4534a650dfc2

  • SSDEEP

    192:mOldg+izUB5pEDoXEDbsshvYGV9FboyfdWbpGhBy8JgW9:mdxMXXEbJhv9Roy5ks

Score
10/10

Malware Config

Extracted

Family

gozi

Targets

    • Target

      spoofer_FUD_no_rat_ud_methode.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15