General

  • Target

    virussign.com_6699e3bc488aaff660cbbe550c6d9360.vir

  • Size

    163KB

  • Sample

    240303-kcr8zsfg9v

  • MD5

    6699e3bc488aaff660cbbe550c6d9360

  • SHA1

    f1a3bdae2f1b3e7af728fba9817e1ee51da6d99b

  • SHA256

    7beb833d7088f96d27e82575eba5dcd56b71d6ff63ca86fce1e7f8d638a32569

  • SHA512

    dd48950804ad4f15855c955f5624907751a9301731488203823e82e864d802405cc046f46bc7ef845f81b0cee4142d5148af39641e8f185cf819659136a03f1f

  • SSDEEP

    1536:PXka7DZcRQo3+r5vJuuiFsfzlhdq+Ft3utwlProNVU4qNVUrk/9QbfBr+7GwKrPb:cm7jo+FtetwltOrWKDBr+yJb
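Before trusting a report like this one, a practitioner re-hashes the sample on disk and checks every digest against the values the page lists. The script below is an added example (not part of the report and not the sandbox's code): it computes the four digests the report uses, compares them case-insensitively, and also cross-checks the MD5 embedded in the `virussign.com_<md5>.vir` filename against the file's actual MD5, a mismatch that usually means a renamed or truncated download. The filename pattern is generalised from the name shown above; SSDEEP is left out because it needs a third-party binding.

```python
"""Verify a sample's hashes against the values a sandbox report lists.

Added example, not part of the report above or of any sandbox's own code.
The REPORTED values are copied from the report's General section; the
filename pattern is an assumption generalised from the one name shown there.
"""
import hashlib
import os
import re
from typing import Dict, Optional, Tuple

# Digests copied from the report's General section.
REPORTED: Dict[str, str] = {
    "md5": "6699e3bc488aaff660cbbe550c6d9360",
    "sha1": "f1a3bdae2f1b3e7af728fba9817e1ee51da6d99b",
    "sha256": "7beb833d7088f96d27e82575eba5dcd56b71d6ff63ca86fce1e7f8d638a32569",
    "sha512": "dd48950804ad4f15855c955f5624907751a9301731488203823e82e864d802405cc046f46bc7ef845f81b0cee4142d5148af39641e8f185cf819659136a03f1f",
}
ALGORITHMS: Tuple[str, ...] = tuple(REPORTED)

# Assumption: VirusSign names samples virussign.com_<md5>.vir, as in the report.
_VIRUSSIGN_NAME = re.compile(r"^virussign\.com_([0-9a-f]{32})\.vir$", re.IGNORECASE)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of `data` for every algorithm in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in chunks so large samples never need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (actual, expected)} for every digest that disagrees.

    Comparison is case-insensitive because reports and tools differ in hex case.
    """
    return {
        name: (actual[name], expected[name])
        for name in expected
        if name in actual and actual[name].lower() != expected[name].lower()
    }


def md5_from_virussign_name(filename: str) -> Optional[str]:
    """Extract the MD5 embedded in a virussign.com_<md5>.vir filename, if present."""
    m = _VIRUSSIGN_NAME.match(filename)
    return m.group(1).lower() if m else None


def check_sample(path: str, expected: Dict[str, str] = REPORTED) -> Dict[str, Tuple[str, str]]:
    """Hash a sample on disk and return every disagreement with the report.

    Also flags a VirusSign filename whose embedded MD5 disagrees with the content.
    """
    actual = hash_file(path)
    problems = mismatches(actual, expected)
    name_md5 = md5_from_virussign_name(os.path.basename(path))
    if name_md5 and name_md5 != actual["md5"]:
        problems["filename_md5"] = (actual["md5"], name_md5)
    return problems


if __name__ == "__main__":
    import sys
    for sample in sys.argv[1:]:
        bad = check_sample(sample)
        print(sample, "OK" if not bad else f"MISMATCH {bad}")
```

Run it as `python verify_hashes.py virussign.com_6699e3bc488aaff660cbbe550c6d9360.vir`; an empty result means the file on disk is the one the report analysed. Any non-empty result should stop the investigation until the discrepancy is explained, since the behaviours listed further down apply to the reported hashes, not to whatever was actually downloaded.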

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      virussign.com_6699e3bc488aaff660cbbe550c6d9360.vir

    • Size

      163KB

    • MD5

      6699e3bc488aaff660cbbe550c6d9360

    • SHA1

      f1a3bdae2f1b3e7af728fba9817e1ee51da6d99b

    • SHA256

      7beb833d7088f96d27e82575eba5dcd56b71d6ff63ca86fce1e7f8d638a32569

    • SHA512

      dd48950804ad4f15855c955f5624907751a9301731488203823e82e864d802405cc046f46bc7ef845f81b0cee4142d5148af39641e8f185cf819659136a03f1f

    • SSDEEP

      1536:PXka7DZcRQo3+r5vJuuiFsfzlhdq+Ft3utwlProNVU4qNVUrk/9QbfBr+7GwKrPb:cm7jo+FtetwltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
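The report flags an autorun key that Explorer.exe processes at logon but does not name the key or the value written. The checker below is an added example, not the sandbox's own signature logic: it scans registry events (a constructed format loosely modelled on sandbox output) for value writes under startup locations that Explorer.exe processes, normalising hive prefixes, the native `\REGISTRY\MACHINE` form and the `Wow6432Node` redirection first so that the same key is recognised however the sandbox spelled it. The list of locations is my assumption of what such a signature covers; the sample events are constructed, not taken from this analysis.

```python
"""Flag registry writes to autorun locations that Explorer.exe processes at logon.

Added example, not the sandbox's own signature logic. Both the key list and the
event format are assumptions: the report says an Explorer-loaded autorun key
was added but names neither the key nor the value.
"""
import re
from typing import Dict, Iterable, List

# Assumed set of logon startup locations processed by Explorer.exe, written as the
# lowercase path below the hive. Run and RunOnce are the classic Run keys; the
# Policies\Explorer\Run key is the Group Policy "run these programs at logon" list.
EXPLORER_AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)

# Operations that actually write a value; reads and opens are not persistence.
WRITE_OPS = ("RegSetValue", "RegSetValueEx", "NtSetValueKey")

_NATIVE_RE = re.compile(r"^registry\\(machine|user\\[^\\]+)\\")
_HIVE_RE = re.compile(r"^(hkey_local_machine|hklm|hkey_current_user|hkcu|hkey_users\\[^\\]+)\\")


def normalize_key(key: str) -> str:
    """Reduce a registry key to a lowercase path below its hive.

    Handles Win32 hive names (HKLM, HKEY_CURRENT_USER), the native
    \\REGISTRY\\MACHINE and \\REGISTRY\\USER\\<sid> forms, and the Wow6432Node
    redirection, so all spellings of one key compare equal.
    """
    k = key.strip().strip("\\").lower()
    k = _NATIVE_RE.sub("", k)
    k = _HIVE_RE.sub("", k)
    return k.replace(r"\wow6432node", "")


def autorun_writes(events: Iterable[Dict]) -> List[Dict]:
    """Return the value-set events that land in an Explorer autorun location.

    Each hit is the original event plus a "location" field naming the matched key.
    """
    hits = []
    for ev in events:
        if ev.get("op") not in WRITE_OPS:
            continue
        key = normalize_key(ev.get("key", ""))
        if key in EXPLORER_AUTORUN_KEYS:
            hits.append({**ev, "location": key})
    return hits


# Constructed sample events, not from the report: two persistence writes in
# different spellings, one read of a Run key, and one benign Explorer setting.
SAMPLE_EVENTS = [
    {"op": "RegSetValue",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost_updater", "data": r"C:\ProgramData\svchost_updater.exe"},
    {"op": "NtSetValueKey",
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
     "value": "1", "data": r"C:\Windows\System32\drvupd.exe"},
    {"op": "RegQueryValue",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "SecurityHealth"},
    {"op": "RegSetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden", "data": 2},
]


if __name__ == "__main__":
    for hit in autorun_writes(SAMPLE_EVENTS):
        print(f"{hit['op']}: {hit['location']} [{hit['value']}] = {hit.get('data')}")
```

Feed it the registry events of a real run and treat every hit as a persistence indicator to pair with the "Executes dropped EXE" and "Drops file in System32 directory" signatures: the `data` field of a hit is the path that will be launched at the next logon, which is the artefact to pull for the next stage.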

MITRE ATT&CK Enterprise v15

Tasks