General

  • Target

    updater.exe

  • Size

    12KB

  • Sample

    240310-w7behaac2x

  • MD5

    90059cae17f089b18aabff2b911befda

  • SHA1

    d1ba2e521124925669f9529c2a258402f58b20ee

  • SHA256

    f94342f97c194dc2d475c4bb5cf4626d6f935b2e0208a61e0f655a5ca0c88f4c

  • SHA512

    2d65140c12a4ae559ff2e04bdb6e817933bce5ad151ae194231f2be1e33f69ecc014edcf159bd1162fbc66ee33ef641d5163e68c8e01f59bf05700b52c87ff9b

  • SSDEEP

    192:xYrE8+eKxaDytZvvH50gc5eqcE8tyvRu1ss8JGL:xY1+N+EZv/2grqRcEu1J5

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15