General

  • Target

    c4c0908f13e4d702ba4302c6b615b684

  • Size

    2.9MB

  • Sample

    240313-c1s67aae5s

  • MD5

    c4c0908f13e4d702ba4302c6b615b684

  • SHA1

    3afdfa7daf85727b3c3c8a9df5c7af6513e2a854

  • SHA256

    6e9d832c5728f7e03e304db7b956def1e4db3355d8418c23894f5e00efec0f0f

  • SHA512

    8b4ce25297e5247bdcf4af48d32ddfa2d3c38282b3af4f1ff7de14c6dbbc7805694ab13c25333e3058a2c93383c687c8e6368e843b27775721099927bd531aa2

  • SSDEEP

    49152:UbbfbSJzHomwXIL66oUCpFN74NH5HUyNRcUsCVOzetdZJ:gyImwB74HBUCczzM3

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      c4c0908f13e4d702ba4302c6b615b684

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
