General

  • Target

    fd798132c1603fe1832a71af9e768e8709ac606588d2e55ae0c437a72b8afd66

  • Size

    163KB

  • Sample

    240512-gsrqlsbh9s

  • MD5

    a299f0deab224a9bbf9b261caab8e1b8

  • SHA1

    24ece0d0c87bb5aedb02bd88f787aecd232daccb

  • SHA256

    fd798132c1603fe1832a71af9e768e8709ac606588d2e55ae0c437a72b8afd66

  • SHA512

    07be5e57c05e198d0334fbd53d16bf59adec8bf31daccbcdbb9fb14118f962b8eb0966484f133cff8df378bae6a0236be2c1fea2e780f51103d2c6c5a7d619c9

  • SSDEEP

    1536:P0+bvcEmf7JPX95RpqjvTylProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:c+bkvFPzRpsvTyltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      fd798132c1603fe1832a71af9e768e8709ac606588d2e55ae0c437a72b8afd66

    • Size

      163KB

    • MD5

      a299f0deab224a9bbf9b261caab8e1b8

    • SHA1

      24ece0d0c87bb5aedb02bd88f787aecd232daccb

    • SHA256

      fd798132c1603fe1832a71af9e768e8709ac606588d2e55ae0c437a72b8afd66

    • SHA512

      07be5e57c05e198d0334fbd53d16bf59adec8bf31daccbcdbb9fb14118f962b8eb0966484f133cff8df378bae6a0236be2c1fea2e780f51103d2c6c5a7d619c9

    • SSDEEP

      1536:P0+bvcEmf7JPX95RpqjvTylProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:c+bkvFPzRpsvTyltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif and ISFB) is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
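
The "UPX dump on OEP" and "MPress PE compressor" signatures above are packer indicators. The static trace both packers leave is a set of characteristic section names in the PE section table. The following is an added example (not code from the Triage report or from the Gozi sample): a minimal PE section-table parser that flags those names. The sample bytes are constructed in the block itself; the real sample is not embedded, and the section-name list is an assumption based on the packers' default stubs.

```python
import struct

# Assumption: default section names written by the UPX and MPRESS stubs.
# A repacked or renamed stub evades a name-only check, so treat a hit as an
# indicator to be confirmed by unpacking, not as a verdict.
PACKER_SECTIONS = {
    b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX",
    b".MPRESS1": "MPRESS", b".MPRESS2": "MPRESS",
}


def section_names(data: bytes) -> list:
    """Return the section names from a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # start of the 20-byte COFF header
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt              # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                  # each IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0"))
    return names


def detect_packer(data: bytes) -> list:
    """Return the sorted list of packers whose section names appear in the image."""
    hits = {PACKER_SECTIONS[n] for n in section_names(data) if n in PACKER_SECTIONS}
    return sorted(hits)


def build_pe(names) -> bytes:
    """Construct a minimal, non-executable PE header carrying the given section names.

    This is test scaffolding so the parser can be exercised offline; it is not a
    real binary and not derived from the sample in the report.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                           # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    for names in ([b"UPX0", b"UPX1", b".rsrc"], [b".MPRESS1", b".MPRESS2"], [b".text", b".data"]):
        print(names, "->", detect_packer(build_pe(names)))
```

To run this against a real file, pass `open(path, "rb").read()` to `detect_packer`; the parser only reads the headers, so a truncated dump from a sandbox is still usable as long as the section table is intact.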
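
The "Adds autorun key to be loaded by Explorer.exe on startup" signature is a persistence indicator: a registry write to a key that Explorer.exe reads at logon to launch programs. The report names the behaviour but not the key, so the following added example (not code from the Triage report) assumes the standard Run, RunOnce and Policies\Explorer\Run paths, and scans constructed registry-event lines in a hypothetical pipe-delimited format, not Triage's own log format, for writes to them.

```python
import re
from dataclasses import dataclass

# Assumption: registry keys Explorer.exe processes at logon to start programs.
AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)

# Constructed sample events in a hypothetical "pid|process|op|key|value|data"
# format. These are illustrative, not events recorded from the sample above.
SAMPLE_EVENTS = """\
1234|sample.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run|svchost|C:\\Users\\Public\\svchost.exe
1234|sample.exe|RegSetValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced|Hidden|1
4321|setup.exe|RegSetValue|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|"C:\\Program Files\\Vendor\\upd.exe" /q
1234|sample.exe|RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|foo|
"""


@dataclass(frozen=True)
class AutorunHit:
    pid: int
    process: str
    key: str
    value: str
    data: str


def normalize_key(key: str) -> str:
    """Lower-case a registry path and drop the hive (and HKU SID) prefix so that
    per-user and machine-wide writes compare against the same templates."""
    k = key.replace("/", "\\").lower()
    k = re.sub(r"^(hkey_[a-z_]+|hk[a-z]{1,2})\\", "", k)
    k = re.sub(r"^s-1-5-[0-9-]+\\", "", k)
    return k.rstrip("\\")


def find_autorun_writes(log: str) -> list:
    """Return every RegSetValue event whose target key is an Explorer autorun key.

    Reads and writes to unrelated keys are ignored; the data field may itself
    contain '|' (command lines), so the split is capped at six fields.
    """
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 5)
        if len(parts) != 6:
            continue                          # malformed line: skip rather than crash
        pid, proc, op, key, value, data = parts
        if op != "RegSetValue":
            continue
        if normalize_key(key) in AUTORUN_KEYS:
            hits.append(AutorunHit(int(pid), proc, key, value, data))
    return hits


if __name__ == "__main__":
    for hit in find_autorun_writes(SAMPLE_EVENTS):
        print(f"pid {hit.pid} {hit.process}: {hit.key}\\{hit.value} = {hit.data}")
```

The second sample line (an Explorer\Advanced write) and the fourth (a read of the Run key) are deliberately included as near misses: a rule that matches on the substring "Explorer" or on any access to the Run key, rather than on a write to an exact key path, will flag both.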

MITRE ATT&CK Enterprise v15

Tasks