General

  • Target: c13ba2d4a639e40449b8d16d7cb6da91
  • Size: 2.9MB
  • Sample: 240311-wh1m4aca45
  • MD5: c13ba2d4a639e40449b8d16d7cb6da91
  • SHA1: f817f42291579dfdfb238d8da0c42a935be124c1
  • SHA256: 0ecad342717f758c6d8253ec34115c390dd9246c469abfe53f339ca73a2fd56e
  • SHA512: 324cb98932b0aff550fa44bee215f2c60d585f688ffacf88811ed1350c47c6bc2ef3517cabe2f3be98d0cd8e2637bb91041e672e62ed109850dbc394c4f40d93
  • SSDEEP: 49152:3OpYadTuwP0aVmzsPZqm/fr27N74NH5HUyNRcUsCVOzetdZJ:3SYadTx0iLl44HBUCczzM3

Malware Config

Extracted

  • Family: gozi

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
