General

  • Target

    c15bbd07ef93d05c7594fe5dc6367fc1

  • Size

    2.7MB

  • Sample

    240311-xl3sasdd54

  • MD5

    c15bbd07ef93d05c7594fe5dc6367fc1

  • SHA1

    74ae1b627ce01356b9a2e37652e866ae77df21ae

  • SHA256

    06bde6ab994bade27021a5819465c7ab17b7505c09549715530c4505114469b3

  • SHA512

    5843244d31911c6520205ceb925347637a7b5bdcf2e073afbf935c2c09498a254f34a07ddde58c55a067ccfd2a2c8fd963f9c58711c830b559efe66309b03d47

  • SSDEEP

    49152:mj7O5spETmJLuYjDmEhfU05NzPB8XBgS7R9ktBc1+Q4YdxSChG38bDUggR9t:mjTESLzjyExU0zzPB8RgS7HktBcwQDM5

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Matrix

Tasks