General

  • Target: bf23e60ead2bad9afe9706fd1d9ac690
  • Size: 2.7MB
  • Sample: 240310-vkja6agf98
  • MD5: bf23e60ead2bad9afe9706fd1d9ac690
  • SHA1: db0850b1967142ae1d2bd3afc1837bef306ca4fa
  • SHA256: ceafbf1e45295f6611a13a685a5c8623214de0754bfe9385072138bfaac06a65
  • SHA512: f2b68c94782fb585d2145a21afdf0c3e57bd1572f239ef4ebda9366569a933f52ce1ef9a7cf87ad8c9aac7674fc7f67afe31376e1d46d0a5a8ae9d22dc740893
  • SSDEEP: 49152:OcJTUMGBsvre1h1RdQLAIL6O5fzR9CKnxaLYDZAo4aevRm8gtRZkk8R9j:OnEvO1TCAIL6mHCsaLYDZ58SgHj

Malware Config

Extracted

  • Family: gozi

Targets

    • Target: bf23e60ead2bad9afe9706fd1d9ac690 (same sample as listed under General above)

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks