General

  • Target

    d932f70ed4a5bacf2982c7ceb392cf17fa0bbe4cf6ae5bb0223412a130e6242f

  • Size

    163KB

  • Sample

    240514-df7dragc3s

  • MD5

    5680c21dab978689417c0e20e8ffdbd7

  • SHA1

    4cb4f9de318bc242c8e8c6f8f6e420c38151a2ca

  • SHA256

    d932f70ed4a5bacf2982c7ceb392cf17fa0bbe4cf6ae5bb0223412a130e6242f

  • SHA512

    149bfe0e12b039cecb61f7662f8be8721e72ba479e3c4558e48ee91c4be76a0963152f9f4d78824d0518d07768f7236722c92d41322847679a27cc5178c5f24b

  • SSDEEP

    1536:P80N3Saw07n+O54gRe9e+Ef+/FFFFFFkmyNOJNlProNVU4qNVUrk/9QbfBr+7Gw6:0c80z+O5L4k5OvNltOrWKDBr+yJb
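
Before detonating or reversing a copy of this sample, confirm that the file you obtained is the one the report describes. The following is an added example (not part of the original report or of the sandbox's own tooling) that recomputes MD5, SHA1, SHA256 and SHA512 of a file and compares them with the values listed above; the SSDEEP value is not recomputed because that needs a third-party library. The size check assumes the report rounds bytes to whole kilobytes, and the `b"not the sample"` input is constructed test data.

```python
"""Cross-check a local file against the hash record in a sandbox report."""
import hashlib

# Values copied from the report above; they are not computed by this script.
REPORT_HASHES = {
    "md5": "5680c21dab978689417c0e20e8ffdbd7",
    "sha1": "4cb4f9de318bc242c8e8c6f8f6e420c38151a2ca",
    "sha256": "d932f70ed4a5bacf2982c7ceb392cf17fa0bbe4cf6ae5bb0223412a130e6242f",
    "sha512": "149bfe0e12b039cecb61f7662f8be8721e72ba479e3c4558e48ee91c4be76a09"
              "63152f9f4d78824d0518d07768f7236722c92d41322847679a27cc5178c5f24b",
}
REPORT_SIZE_KB = 163  # assumption: the report rounds the byte count to whole KB

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers so large samples do not sit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> dict:
    """Return {algorithm: (expected, actual)} for every digest that disagrees.

    An empty dict means the sample matches the report on every listed hash.
    Hex case is normalised so copy-pasted upper-case digests still match.
    """
    return {
        name: (expected[name], actual[name])
        for name in expected
        if expected[name].lower() != actual[name].lower()
    }


def check_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Convenience wrapper for bytes already in memory."""
    return compare(hash_bytes(data), expected)


def size_matches(num_bytes: int, report_kb: int = REPORT_SIZE_KB) -> bool:
    """Coarse sanity check: the rounded size must agree with the report."""
    return round(num_bytes / 1024) == report_kb


if __name__ == "__main__":
    import sys
    path = sys.argv[1]
    mismatches = compare(hash_file(path), REPORT_HASHES)
    print("OK: all hashes match the report" if not mismatches else mismatches)
```

Run it as `python check_hashes.py <file>`; any non-empty result means you are looking at a different artifact (or a tampered download) and the report's behaviours should not be assumed to apply to it.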

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d932f70ed4a5bacf2982c7ceb392cf17fa0bbe4cf6ae5bb0223412a130e6242f

    • Size

      163KB

    • MD5

      5680c21dab978689417c0e20e8ffdbd7

    • SHA1

      4cb4f9de318bc242c8e8c6f8f6e420c38151a2ca

    • SHA256

      d932f70ed4a5bacf2982c7ceb392cf17fa0bbe4cf6ae5bb0223412a130e6242f

    • SHA512

      149bfe0e12b039cecb61f7662f8be8721e72ba479e3c4558e48ee91c4be76a0963152f9f4d78824d0518d07768f7236722c92d41322847679a27cc5178c5f24b

    • SSDEEP

      1536:P80N3Saw07n+O54gRe9e+Ef+/FFFFFFkmyNOJNlProNVU4qNVUrk/9QbfBr+7Gw6:0c80z+O5L4k5OvNltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
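
The four behaviours above (autorun key, dropped EXE executed, dropped DLL loaded, file written into System32) are individually weak signals but together describe a persistence chain that an endpoint detection rule can correlate. The following is an added example, not code from the report or from the sandbox vendor, that runs that correlation over a handful of constructed Sysmon-style events (event IDs 1, 7, 11 and 13 with their usual field names). The registry paths in `AUTORUN_KEYS` are an assumed reading of the "loaded by Explorer.exe on startup" signature; the page does not state which key the sample actually wrote, and every path, SID and filename in `SAMPLE_EVENTS` is invented test data.

```python
"""Correlate Sysmon-style events into the behaviours a sandbox report lists."""

# Assumed mapping for the autorun signature: keys Explorer/Winlogon consult at
# logon. The report does not say which of these the sample used.
AUTORUN_KEYS = (
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows nt\currentversion\windows\load",
)
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"


def _norm(path: str) -> str:
    """Case-fold paths so registry and file comparisons are case-insensitive."""
    return path.lower()


def correlate(events):
    """Walk events in order and return [(behaviour, evidence), ...].

    State carried across events: the set of files the monitored process tree
    wrote (event 11). A later process start (1) or image load (7) that names
    one of those files is what turns "wrote a file" into "executes dropped EXE"
    or "loads dropped DLL". Each behaviour is reported once, on first sight.
    """
    dropped = set()
    findings = []
    seen = set()

    def flag(name, evidence):
        if name not in seen:
            seen.add(name)
            findings.append((name, evidence))

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            target = _norm(ev["TargetFilename"])
            dropped.add(target)
            # A writer that itself lives outside C:\Windows dropping into
            # System32 is the interesting case; OS components do this legitimately.
            if target.startswith(SYSTEM32) and not _norm(ev["Image"]).startswith(WINDOWS_DIR):
                flag("Drops file in System32 directory", ev["TargetFilename"])
        elif eid == 1:  # ProcessCreate
            if _norm(ev["Image"]) in dropped:
                flag("Executes dropped EXE", ev["Image"])
        elif eid == 7:  # ImageLoad
            loaded = _norm(ev["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                flag("Loads dropped DLL", ev["ImageLoaded"])
        elif eid == 13:  # RegistryEvent (SetValue)
            obj = _norm(ev["TargetObject"])
            if any(key in obj for key in AUTORUN_KEYS):
                flag("Adds autorun key to be loaded by Explorer.exe on startup", ev["TargetObject"])
    return findings


# Constructed sample telemetry (invented paths, SID and names), in time order.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\System32\helper.dll"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "ImageLoaded": r"C:\Windows\System32\helper.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc"},
]


def behaviour_names(events=SAMPLE_EVENTS):
    """Just the behaviour labels, in the order they were first observed."""
    return [name for name, _ in correlate(events)]


if __name__ == "__main__":
    for name, evidence in correlate(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

Feeding real Sysmon or EDR telemetry into `correlate` only requires mapping the vendor's field names onto `Image`, `TargetFilename`, `ImageLoaded` and `TargetObject`; the chain logic itself does not change.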

MITRE ATT&CK Enterprise v15

Tasks