General

  • Target

    https://wearedevs.net/exploits

  • Sample

    240513-v4t7rsgd23

Malware Config

Extracted

Family

gozi

Targets

    • Target

      https://wearedevs.net/exploits

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks