General
-
Target
71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6
-
Size
163KB
-
Sample
240515-3gnepshf5x
-
MD5
2ef6f2ab3dda1ecab6f96e20c8ea47f2
-
SHA1
2dd3dc91a6b1fc70065a965f8164ee0413dea487
-
SHA256
71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6
-
SHA512
76147da5f3eb5c5ebe408011e89c6cae709f8df2cb502d25aa1f2de7fac04c9cd64369ac155f6b932248d123bc018a2dc42bb8b9f91f45c713e0387d777c1f09
-
SSDEEP
1536:PiML+CBIuD7bJmw2vF9b+Pom4enxtasJzlProNVU4qNVUrk/9QbfBr+7GwKrPAsf:KMicD/JcvF9W+tsJzltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6
-
Size
163KB
-
MD5
2ef6f2ab3dda1ecab6f96e20c8ea47f2
-
SHA1
2dd3dc91a6b1fc70065a965f8164ee0413dea487
-
SHA256
71ead9f51c149c931503516271a1112a86d83921a8a17bec322e27c4298f4dc6
-
SHA512
76147da5f3eb5c5ebe408011e89c6cae709f8df2cb502d25aa1f2de7fac04c9cd64369ac155f6b932248d123bc018a2dc42bb8b9f91f45c713e0387d777c1f09
-
SSDEEP
1536:PiML+CBIuD7bJmw2vF9b+Pom4enxtasJzlProNVU4qNVUrk/9QbfBr+7GwKrPAsf:KMicD/JcvF9W+tsJzltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-