General

  • Target

    https://cdn.discordapp.com/attachments/1212951313307017216/1213302244553007124/spoofer_FUD_no_rat_ud_methode.exe?ex=65f4fac5&is=65e285c5&hm=e8dee1831a75b67f812c55e0e8bfbf098102a5ac79fdc46a19e30c00df52f9f2&

  • Sample

    240304-rvyxtace2s

Score
10/10

Malware Config

Extracted

Family

gozi

Targets

    • Target

      https://cdn.discordapp.com/attachments/1212951313307017216/1213302244553007124/spoofer_FUD_no_rat_ud_methode.exe?ex=65f4fac5&is=65e285c5&hm=e8dee1831a75b67f812c55e0e8bfbf098102a5ac79fdc46a19e30c00df52f9f2&

    Score
    10/10
    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks