General
-
Target
mapper.exe
-
Size
12KB
-
Sample
240309-v83ppsec7v
-
MD5
34971f3bb157d0e9239fba75b00923c9
-
SHA1
30921c9f83b9893447b13b0196b5bf1d668317e5
-
SHA256
0ec4ddc14b405e679b7d84cf497b37eea9d7fceab795a575d54d3a37e5a2bfe6
-
SHA512
706a6f1b0c338aee6ec2f9c56b63e5123d9eac555095d2c91eb2fe2931ad46d91776e2d1dc145eb31de319ef11b1b39802ac2f6e8e4570839788af642768fec7
-
SSDEEP
192:HgFwFDVdfG0nG7ljt4yb+mv1ZcmKfGxj8Jgh:HiODt4Rv+IcmKfGxjp
Static task
static1
Malware Config
Extracted
gozi
Targets
-
-
Target
mapper.exe
-
Size
12KB
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-