General

  • Target: b1d18804ed8bf37f9137fc07597204d3
  • Size: 5.3MB
  • Sample: 240304-lssp5agc98
  • MD5: b1d18804ed8bf37f9137fc07597204d3
  • SHA1: 2ec42cbaf8cfd0a0b9f74e062b8d2d9bcd5e47e0
  • SHA256: 9884204eacca209d4eaac7ffb8de30595113cc9a283c7d7ed61aa9a2e4b74567
  • SHA512: 0127960a6d5ef96a74bcfce275c62b59cf9f6295ae5ea233d42cbc2e60809638a6734dbc0b0886e52353e8c8d3096b89fd70800040abe8ecfe927ac704f47ab8
  • SSDEEP: 98304:2IbHUlkFpLE+TdD59bFYEnoR6ywkn/VtKdAehVE/+TdD59bFYEnoR6ywp:2aUWvp5rokUn/3O0C5rok5

Malware Config

Extracted

  • Family: gozi

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.