General

  • Target

    0c483ccafa57b26a796c57984d573110_NEAS

  • Size

    163KB

  • Sample

    240507-xyssvsbc6z

  • MD5

    0c483ccafa57b26a796c57984d573110

  • SHA1

    9b4a9d566d83e92bd535f9f79a19ce9184a3f504

  • SHA256

    48fd39a279980bafb2ea3197997cd1778b6aefd0385676d3620e758c77122d9e

  • SHA512

    036f723abcc96d83133f1b716ab098a7f9d6ff5ce776739dea82e52b6d4c647dc62af86010066ec70b935f4683cf9c11ef26937960037b25060f76b59aab7b75

  • SSDEEP

    1536:PiK6OvtzgB53ZpeViHDPznjffbHDPL3z/7njvrXTfbHDPL3z/7njvrXTfbHDPL3B:OkzgHfcDbOHR7mltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      0c483ccafa57b26a796c57984d573110_NEAS

    • Size

      163KB

    • MD5

      0c483ccafa57b26a796c57984d573110

    • SHA1

      9b4a9d566d83e92bd535f9f79a19ce9184a3f504

    • SHA256

      48fd39a279980bafb2ea3197997cd1778b6aefd0385676d3620e758c77122d9e

    • SHA512

      036f723abcc96d83133f1b716ab098a7f9d6ff5ce776739dea82e52b6d4c647dc62af86010066ec70b935f4683cf9c11ef26937960037b25060f76b59aab7b75

    • SSDEEP

      1536:PiK6OvtzgB53ZpeViHDPznjffbHDPL3z/7njvrXTfbHDPL3z/7njvrXTfbHDPL3B:OkzgHfcDbOHR7mltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks