General

  • Target

    be0cf91c38c27ea52920ff91c1365004

  • Size

    5.3MB

  • Sample

    240310-jkdvwsfh91

  • MD5

    be0cf91c38c27ea52920ff91c1365004

  • SHA1

    91cac81b1c808999a805cb96b898d08c0da0f341

  • SHA256

    65e5e1808b8b9fae32fc679e93380a705df09ca1d5af1995551bcff0d17e6c20

  • SHA512

    60d4151c33ded83b3246a883dfbec976556bf3e4e3ec3caaa06deca9618ac7155f257a3689f24d7e089b55f43f006df0ba32fcce8b3d5c8f29931a0000d58c40

  • SSDEEP

    98304:lq43yuQ7p6v0ur6tvy1aMUvzp+umg+piur6tvy1aMUp:lZQdYnr6oEMyor6oEMe

Malware Config

Extracted

Family

gozi

Targets

    • Target

      be0cf91c38c27ea52920ff91c1365004

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
