General

  • Target

    mapper.exe

  • Size

    11KB

  • Sample

    240310-q3v1fsdg85

  • MD5

    8d7617283e5dbf574c18467011ee218c

  • SHA1

    add0f9513b7055564ff74ce1b59dab7ee1606a97

  • SHA256

    27ac4656ed2ddbae711ea1fc0a4ec7277c65015166997304bf9ff53622f69fc5

  • SHA512

    a11ce10889a024ef705b30f03f9fd815c198dc2153b02e4da825d5e53ab8de353fac9d941fc603c22a19ed3becb5055f55a4487c18775dca917126a7a98757ae

  • SSDEEP

    192:508Jq6z9SI1BtaU/IgmfggTMnzxqqKkhCKyvSi:50vmdmfggT2QhKyvS

Malware Config

Extracted

Family

gozi

Targets

    • Target

      mapper.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks