General

  • Target

    b47f3873c73cb40a6dd4e304d87641ee

  • Size

    1.5MB

  • Sample

    240305-mpws2scg8t

  • MD5

    b47f3873c73cb40a6dd4e304d87641ee

  • SHA1

    45b4ff3d08d4e18ae24d1bb7d108a20aef9ebc3e

  • SHA256

    5fb393ff6f4aac4e8a99eba37e1a329d89fd3d967757b7216c883ada3704ec95

  • SHA512

    e74f78e7dab3c081f4a66f6033a9d163ca76563212ebbf7de3e2964eb8916412b1dde3d20a720fa0b29799f9b0e90c04f82f6efc7c1e79aa0c9cd981c01c59b0

  • SSDEEP

    24576:0dDKpclTVGxAu8LR/KTNSzr3QfSZQMmyZO3vkfGk1M3TcWvW:0dDKYGGTLR/K4PmSZQdswv

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b47f3873c73cb40a6dd4e304d87641ee

    • Size

      1.5MB

    • MD5

      b47f3873c73cb40a6dd4e304d87641ee

    • SHA1

      45b4ff3d08d4e18ae24d1bb7d108a20aef9ebc3e

    • SHA256

      5fb393ff6f4aac4e8a99eba37e1a329d89fd3d967757b7216c883ada3704ec95

    • SHA512

      e74f78e7dab3c081f4a66f6033a9d163ca76563212ebbf7de3e2964eb8916412b1dde3d20a720fa0b29799f9b0e90c04f82f6efc7c1e79aa0c9cd981c01c59b0

    • SSDEEP

      24576:0dDKpclTVGxAu8LR/KTNSzr3QfSZQMmyZO3vkfGk1M3TcWvW:0dDKYGGTLR/K4PmSZQdswv

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks