General

  • Target

    354afc029f507bb8574cf1fcc56deea9_JaffaCakes118

  • Size

    532KB

  • Sample

    240511-szl99age89

  • MD5

    354afc029f507bb8574cf1fcc56deea9

  • SHA1

    3790949a1ed97581f5198a9ca0b8e76455e58e76

  • SHA256

    1af90c27e4e26ec85d6c574a301660cedbe5b58f3cbefb8f0bdbe797d8b988cb

  • SHA512

    9fa7b9900fb35ff00fb8f1d34892c92502286245b4f40844d8c340319299fa06efd33b017d836222f8f38336c2edc54837446d32b42e93dfd49eea0a13c5d9c4

  • SSDEEP

    12288:gObctOE9mONxfSiCjtFYS9ief6JsYVtajaxIABxnjG8oi8WrT:YORONpSJtFTNYV4jZABlG8h1/

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215798

rsa_pubkey.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks