General

  • Target

    d89dcaadb06795b258eeff03d5490853de68adc306d60ff7f1ddb976a0dd9b0e

  • Size

    245KB

  • Sample

    240515-eak41aff8w

  • MD5

    ca1ee7f494a03c774661928fa2c13feb

  • SHA1

    4487454a8ac72a031bdab4536d761e736adf308b

  • SHA256

    d89dcaadb06795b258eeff03d5490853de68adc306d60ff7f1ddb976a0dd9b0e

  • SHA512

    bca534fb552872f0ccb973777866e2d179a2a5239678e0feec11d5a37db8e9cac010a1fc5572a2fd23376f2d7cfe933cd5e7107912e62e42cc759e7955f6b75a

  • SSDEEP

    1536:D5NE5b+C9kDY8r79ZK22zCB7/4cXeXvubKrFEwMEwKhbArEwKhQL4cXeXvubKr:D5S+CCc83SnmB7wago+bAr+Qka

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d89dcaadb06795b258eeff03d5490853de68adc306d60ff7f1ddb976a0dd9b0e

    • Size

      245KB

    • MD5

      ca1ee7f494a03c774661928fa2c13feb

    • SHA1

      4487454a8ac72a031bdab4536d761e736adf308b

    • SHA256

      d89dcaadb06795b258eeff03d5490853de68adc306d60ff7f1ddb976a0dd9b0e

    • SHA512

      bca534fb552872f0ccb973777866e2d179a2a5239678e0feec11d5a37db8e9cac010a1fc5572a2fd23376f2d7cfe933cd5e7107912e62e42cc759e7955f6b75a

    • SSDEEP

      1536:D5NE5b+C9kDY8r79ZK22zCB7/4cXeXvubKrFEwMEwKhbArEwKhQL4cXeXvubKr:D5S+CCc83SnmB7wago+bAr+Qka

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks