General

  • Target

    c012d2e1de038e4f73ee4c5a63c315ac

  • Size

    5.3MB

  • Sample

    240311-g5shnseb9t

  • MD5

    c012d2e1de038e4f73ee4c5a63c315ac

  • SHA1

    be1d5392e4434a0b3285310a91ead9dd652372c5

  • SHA256

    4abbcfd7a7ac93842b8f576b05bd75da1a5fcbb283a6b76ad12d688804b86ae9

  • SHA512

    304c42f1c6ff9a4764d918b9ea00378bf6487aa17b0f036f04f4e360e938348287401ae7ef812dd57a31a62bbc3465265f1f036ca03aa1be266ebff7a4126200

  • SSDEEP

    98304:MPe5HGVWcz5KH0wn0q4RGGIKvfNMx2/E3HdCDT/itlqtXumHeYjY9H0wn0q4RGGq:A8TXUq0q69IKvluR38ritj9Uq0q69IKC

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c012d2e1de038e4f73ee4c5a63c315ac

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
