General

  • Target

    c7681c22d523006d9c3add3fa41a153b

  • Size

    483KB

  • Sample

    240314-cjqpqsfh8y

  • MD5

    c7681c22d523006d9c3add3fa41a153b

  • SHA1

    628c15be81b6fc96eaabfdebecac2548699a295c

  • SHA256

    f565b0130f788c545bc043de75979acc5265ddf4d5601d1b356c8303fdc9a684

  • SHA512

    5f3822aca29be6f7d6d822dfceadc758444b609d47c56b75803d97f7db0170808b3e5ee659412fc7c80c26f02a8465bfffa3313fa425b2a607612aefa507d65b

  • SSDEEP

    12288:Lm/ldWpPJexHnEWhaYqlq7ewBOvo4IWYyic2IL/Vi:Lm/2pIxHnEB9Q7e4JjWZfL/E

Score
10/10

Malware Config

Extracted

Family

gozi

Targets

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
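The five behaviour signatures above are the kind of thing a sandbox derives from an API-call trace. The script below is an added illustration of that detection logic, written for this page and not taken from the sandbox or from the sample. It runs over a constructed, simplified trace (pid|api|args lines, not the sandbox's real log format) and re-derives each signature: ThreadInformationClass 0x11 is the documented ThreadHideFromDebugger value, dropped files are any paths opened for write, and the self-delete check looks for a DeleteFileW on the sample's own path or a cmd.exe "del" of it. The sample path, the trace contents and the list of "legitimate hosting" domains are all assumptions for the example.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "pid api args")

# ThreadInformationClass value for ThreadHideFromDebugger (ntdll; 17 decimal).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed watchlist of hosting services commonly abused for payload/C2 delivery.
LEGIT_HOSTING = {
    "drive.google.com", "cdn.discordapp.com", "pastebin.com",
    "raw.githubusercontent.com",
}

# Assumed on-disk path of the analysed sample (the sandbox names the target by MD5).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\c7681c22d523006d9c3add3fa41a153b.exe"

# Constructed trace for the example; format is pid|api|comma-separated args.
SAMPLE_TRACE = r"""
1234|NtSetInformationThread|ThreadHandle=0xfffffffe,ThreadInformationClass=0x11,Length=0
1234|CreateFileW|C:\Users\Public\upd.exe,GENERIC_WRITE
1234|CreateFileW|C:\Users\Public\helper.dll,GENERIC_WRITE
1234|CreateProcessW|C:\Users\Public\upd.exe
5678|LoadLibraryW|C:\Users\Public\helper.dll
5678|InternetConnectW|drive.google.com,443
1234|CreateProcessW|cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\c7681c22d523006d9c3add3fa41a153b.exe"
"""

SIGNATURES = [
    "Deletes itself",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Legitimate hosting services abused for malware hosting/C2",
    "Suspicious use of NtSetInformationThreadHideFromDebugger",
]


def parse_trace(text):
    """Turn the pid|api|args lines into Event tuples; args are split on commas."""
    events = []
    for line in text.strip().splitlines():
        pid, api, args = line.split("|", 2)
        events.append(Event(int(pid), api, [a.strip() for a in args.split(",")]))
    return events


def kv(args):
    """Parse Name=Value arguments (used for the Nt* calls) into a dict."""
    return dict(a.split("=", 1) for a in args if "=" in a)


def detect(events, self_path):
    """Replay the trace and return the set of signature names that fire."""
    hits = set()
    dropped = set()            # paths written by any process in the sandbox run
    low_self = self_path.lower()
    for ev in events:
        if ev.api == "NtSetInformationThread":
            cls = kv(ev.args).get("ThreadInformationClass", "")
            if cls and int(cls, 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif ev.api == "CreateFileW" and "GENERIC_WRITE" in ev.args[1:]:
            dropped.add(ev.args[0].lower())
        elif ev.api == "CreateProcessW":
            cmd = ev.args[0]
            image = cmd.split()[0].strip('"').lower()
            if image in dropped:
                hits.add("Executes dropped EXE")
            # Self-deletion via a cmd.exe "del" of the sample's own path.
            if re.search(r"\bdel\b", cmd, re.I) and low_self in cmd.lower():
                hits.add("Deletes itself")
        elif ev.api == "LoadLibraryW" and ev.args[0].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif ev.api == "DeleteFileW" and ev.args[0].lower() == low_self:
            hits.add("Deletes itself")
        elif ev.api in ("InternetConnectW", "WinHttpConnect") and ev.args[0].lower() in LEGIT_HOSTING:
            hits.add("Legitimate hosting services abused for malware hosting/C2")
    return hits


if __name__ == "__main__":
    for sig in sorted(detect(parse_trace(SAMPLE_TRACE), SAMPLE_PATH)):
        print("•", sig)
```

The "dropped" set is kept across processes on purpose: the EXE is written by the first process but the DLL is loaded by the child, which is exactly the pattern the "Executes dropped EXE" and "Loads dropped DLL" signatures are meant to link.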

MITRE ATT&CK Enterprise v15

Tasks