General

  • Target: c1aa4a2bf58391c09ceacea760f2f655.bin
  • Size: 10.7MB
  • Sample: 240313-cz55cscd54
  • MD5: c1aa4a2bf58391c09ceacea760f2f655
  • SHA1: 78fae724e151eeab43d79adef90aa96a87198a07
  • SHA256: ea2964aa2265b8ead3ea2f009c5914f939b704d10ba7c1f695406f136b703271
  • SHA512: b000da129245890ec08ce9a7f64176272d3ce8188a76456a7011aa6393963ca5a674684d9c237e982904486e1b8554d008ea0e68edefc43bb02bc9765a5d336e
  • SSDEEP: 98304:CIEGU5zmbFRc87YntQTHBSL4oE+QJAgpQTHBSL4XPqd9+qFQTHBSL4oE+QJAgpQz:REkJRc87HzQdMA7z/Pc9+qmzQdMA7z

Malware Config

Extracted

  • Family: gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Matrix

Tasks