General

  • Target

    bound.exe

  • Size

    250KB

  • Sample

    240429-1jkeqacg6v

  • MD5

    782f7d8a7961b0a39e3d4185dc43c4c8

  • SHA1

    bc338ae5924dcc92c4955ddbb3226e79c0edca5f

  • SHA256

    cb4c836618033e33a4fb1c331ae5510793a5c0cdb47beaf1a7a3fcde3e5de29a

  • SHA512

    053672047b72e8d64ac92ed9b4a40c5dcf74193281d358f81d5d0f4771497c62d7f28764f982db8a55ed51c2f381b3783a3aa11d85660df5469984babc509b1b

  • SSDEEP

    6144:th3idhONY259BH1DzJ5PzVNtGgc+F9TBd0fYBEoi5e+08hzHKop+y1CRh5+kvJ:th3iXPw9T+Vooe+PhuoQ1fvJ

Score
10/10

Targets

    • Target

      bound.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2
