General

  • Target

    c1e09e0b23d20f1f1fb6c1d2d8200dd0

  • Size

    1.5MB

  • Sample

    240311-3ggbdsbf24

  • MD5

    c1e09e0b23d20f1f1fb6c1d2d8200dd0

  • SHA1

    84f55ea2a000d2677fc894c27d2d9c7771be12a7

  • SHA256

    405d406ab142e973f046ec71b2841e6ff72ec26ab1c28e9e2c9dcf9925b1336e

  • SHA512

    b7b8e6e4068a7d4bf904df278d104f18659d2ede04285f0dc9a72e397da2fdfb12e67aedf2b0dc72f5cd48b7c4310016c4027c5dccc7c6bfadccabc974342dde

  • SSDEEP

    24576:XGTMX55iRF0Cm83KJtHPym1JQrwWeVw2E6p78N3l0Qn8HJ1FnpDcEQgfC3p6iVWP:XGTi2j0z86jSeVFLU3l0QmXcDgfC3p7

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      c1e09e0b23d20f1f1fb6c1d2d8200dd0

    • Size

      1.5MB

    • MD5

      c1e09e0b23d20f1f1fb6c1d2d8200dd0

    • SHA1

      84f55ea2a000d2677fc894c27d2d9c7771be12a7

    • SHA256

      405d406ab142e973f046ec71b2841e6ff72ec26ab1c28e9e2c9dcf9925b1336e

    • SHA512

      b7b8e6e4068a7d4bf904df278d104f18659d2ede04285f0dc9a72e397da2fdfb12e67aedf2b0dc72f5cd48b7c4310016c4027c5dccc7c6bfadccabc974342dde

    • SSDEEP

      24576:XGTMX55iRF0Cm83KJtHPym1JQrwWeVw2E6p78N3l0Qn8HJ1FnpDcEQgfC3p6iVWP:XGTi2j0z86jSeVFLU3l0QmXcDgfC3p7

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks