General

  • Target

    file.exe

  • Size

    5.9MB

  • Sample

    240312-w1fqmsfh31

  • MD5

    d21ebfa5e971bb5293c9de7a404792a1

  • SHA1

    850cae6b28d100738547f8a86889d71ff5289073

  • SHA256

    cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b

  • SHA512

    2fe8f296117e70a05fa24f0be9250fff84af339eed1bfe46d1c218a0210324b9e0f77ddaf6ad518eca8370fc3023238f7fa13f483f30c545c10fc2e02f973a6f

  • SSDEEP

    49152:VdFCDWU2GG8XKQ3/cdt4osAZo5+cSAsAUSNlLOg/L1Jf2jTiQ/VoJu4E9/+j9Z29:VnCDL2uKecbO4ihsAUoDjj233NmmcPK7

Malware Config

  • Extracted

    Family: gozi

  • Extracted

    Family: risepro

    C2: 193.233.132.159:50500

Targets

    • Target

      file.exe

    • Detect ZGRat V1

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • RisePro

      RisePro is an infostealer distributed by PrivateLoader.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during execution.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common building block of process hollowing and thread-hijacking injection.
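As an added example (not part of the Triage report or its tooling), the following Python turns the report's IOCs into two checks an analyst would actually run: verifying a file on disk against the listed MD5/SHA1/SHA256 digests, and scanning connection logs for the RisePro C2 address. The digest values and the C2 address are copied from the report; the flow-log format, the sample log lines and the sample bytes are constructed assumptions.

```python
"""
IOC checks derived from the sandbox report above.

Added example, not part of the Triage report: the hash values and the
RisePro C2 address are copied from the report; the log format, the log
lines and the sample bytes below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import re

# IOCs as listed in the report.
REPORT_HASHES = {
    "md5": "d21ebfa5e971bb5293c9de7a404792a1",
    "sha1": "850cae6b28d100738547f8a86889d71ff5289073",
    "sha256": "cb49adf3033abe1d446541a2b216b7cc9f50cd74494ec7d78dd365c952d3487b",
}
C2_HOST = "193.233.132.159"
C2_PORT = 50500


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each digest of data with the expected value; True means match.

    All three are checked so that a report copied with one hash mangled,
    or a file re-packed after triage, shows up as a partial mismatch
    rather than a silent pass.
    """
    computed = hash_bytes(data)
    return {algo: computed[algo] == value.lower() for algo, value in expected.items()}


# Constructed flow-log format (assumption): "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def find_c2_connections(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return (timestamp, source, port_matched) for every flow to the C2 host.

    A hit on the host alone is worth an alert, since a different port may
    still be the same infrastructure; the port_matched flag lets the
    analyst rank exact matches against the report first.
    """
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if m is None:
            continue  # unparseable line: skipped, not counted as clean
        if m["dst"] == host:
            hits.append((m["ts"], m["src"], int(m["dport"]) == port))
    return hits


# Constructed sample flow log: lines 1 and 3 go to the C2 host, line 4 is malformed.
SAMPLE_LOG = [
    "2024-03-12T15:02:11Z 10.0.0.15:49812 -> 193.233.132.159:50500 TCP",
    "2024-03-12T15:02:12Z 10.0.0.15:49813 -> 93.184.216.34:443 TCP",
    "2024-03-12T15:02:40Z 10.0.0.22:51002 -> 193.233.132.159:80 TCP",
    "this line is not a flow record",
]

if __name__ == "__main__":
    print(verify_hashes(b"not the analysed sample"))
    for ts, src, exact in find_c2_connections(SAMPLE_LOG):
        print(f"{ts} {src} -> C2 host ({'report port' if exact else 'other port'})")
```

To check a real file, read it in binary mode and pass the bytes to `verify_hashes`; the SSDEEP value from the report is deliberately left out because fuzzy-hash comparison needs the ssdeep library and a similarity threshold, not an equality test.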

MITRE ATT&CK Matrix

Tasks