General

  • Target

    c4c6b0dc4ab0afc86171d28444372067

  • Size

    2.7MB

  • Sample

    240313-c9c7bsch43

  • MD5

    c4c6b0dc4ab0afc86171d28444372067

  • SHA1

    1c61c2230845be72fc703160f12426055d815003

  • SHA256

    665f29046f4e012f8abb896b432e3598fe0783251eab533902ba1199bbd53a73

  • SHA512

    90ff7f5c7fd76232ab45f57e3b35c8a1ac632a39ef6826b15cfb96f13c5e367a5739f21db042309107caa39dd8f13c3e2f21ea51dd73e6b783a510d4e0e6944b

  • SSDEEP

    49152:yOeLZdvPqIfxjEolNEx9gsknikR9UqMQvkkWwQKqsXR4mY2Q06DKW+R9j:knznfCgskDHUqMAkkWwQKqsh4mY25MDy

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c4c6b0dc4ab0afc86171d28444372067

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
