General
-
Target
b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7
-
Size
163KB
-
Sample
240517-dgys1aec2v
-
MD5
266494f4f2aec028356dc423006b27ab
-
SHA1
d5ae20692f73f09dba487f16f7a3f864039f2948
-
SHA256
b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7
-
SHA512
ba80dee9f0be060d25f6e7b6264521adb85b7c2ca5f64923ff498cc8ddfe50bb322bb8fac7aa8f7e62068ec9906bb937aa6700c47de95d3596be4b1f2aee73f4
-
SSDEEP
1536:POcPZl86g4DutO8rcdxT1Fqh5VlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:GaZlvgBOecdx18h5VltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7
-
Size
163KB
-
MD5
266494f4f2aec028356dc423006b27ab
-
SHA1
d5ae20692f73f09dba487f16f7a3f864039f2948
-
SHA256
b2ff192125b2fc6af2ae615e0b93633786945ce9111902fda29d8fceee2d76d7
-
SHA512
ba80dee9f0be060d25f6e7b6264521adb85b7c2ca5f64923ff498cc8ddfe50bb322bb8fac7aa8f7e62068ec9906bb937aa6700c47de95d3596be4b1f2aee73f4
-
SSDEEP
1536:POcPZl86g4DutO8rcdxT1Fqh5VlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:GaZlvgBOecdx18h5VltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-