General

  • Target

    c3f00e677eb797d3e15cc3632882099d

  • Size

    5.8MB

  • Sample

    240312-v1fvzagg55

  • MD5

    c3f00e677eb797d3e15cc3632882099d

  • SHA1

    b7cbaa3515d3f4bd52391f95dbadb61202be7347

  • SHA256

    3ec87381ea44298c1859ae491b9b21297cebf1a6d047e5afb4ed868490be3d5f

  • SHA512

    5ae451a887aeb8ab6a08c9f1750326dbc7644c0f9b55ffe54875a00fa66ac13f4031413f3c5fd788bca47c4022761e1cc9a458d73f4015390e8963dcc65506f5

  • SSDEEP

    98304:GWjmbMxKaf8EYMwauZgg3gnl/IVUs1jePsqthvHrFHa7a1gg3gnl/IVUs1jePs:GDe8EtwaIgl/iBiPftLIagl/iBiP

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c3f00e677eb797d3e15cc3632882099d

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
