General

  • Target

    c378ad83ae1a3758c07d5fe567dfd8af

  • Size

    9KB

  • Sample

    240312-ql3c7shg21

  • MD5

    c378ad83ae1a3758c07d5fe567dfd8af

  • SHA1

    651898fbeea6cd1bd8f7d618830c58c8e662b09f

  • SHA256

    4ffd2beb213b41f4cd4837745f4dac9edf5c7fc2af2405ddae900ab4f9bc772f

  • SHA512

    f4a5f5746479bda168bc4aaf60be5734cb8fa4f633346623763dd5938c77e0bde5fa8ff0a9b12c454048df1f7db3d184e49614d9d5e47a5aca7ab1e32a1fb85c

  • SSDEEP

    192:ZLLBOcHWbmzYPB0UlSFaNJhLkwcud2DH9VwGfct39+60fK:ZSmAB5lWaNJawcudoD7Ub+HK

Malware Config

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

MITRE ATT&CK Enterprise v15

Tasks