General

  • Target

    c2730d07c03415bc3ec4ab56d87f343d

  • Size

    5.8MB

  • Sample

    240312-e35n4sac93

  • MD5

    c2730d07c03415bc3ec4ab56d87f343d

  • SHA1

    28e5b7540eadf76869baf2e77589cd2b655ea2bd

  • SHA256

    a2e592ae49c8eadfb0ac3b35a64751d38e1fdef0b9cf03d423f181f3fc868190

  • SHA512

    1b1645d549f4c31bd6fc648f7a1c60673f204f75596568f690e3717466a21fbf5a8479da61a924e6164bdb3ac3fbb951c1909dcedd333e778623754c2edca8a1

  • SSDEEP

    98304:CT2+DTgg3gnl/IVUs1jePsqthvHrFHa7a1gg3gnl/IVUs1jePs:hmgl/iBiPftLIagl/iBiP

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
