General

  • Target: 4007a647a04ef9b59c1a3e70b9d1770fbc36ffe3693577dfa5f55ef4e76e166d
  • Size: 163KB
  • Sample: 240517-zpcrdsaf73
  • MD5: 2cb32823aad20ce95c21f69e5757039a
  • SHA1: 9025a5bfb51f0a587519d540b14c1b08d919807f
  • SHA256: 4007a647a04ef9b59c1a3e70b9d1770fbc36ffe3693577dfa5f55ef4e76e166d
  • SHA512: f83335d978c1ec07cdb163069cbd798d2b6daceb468d4f0fe587defdbac07fa03b3017491a26cf2dbb94968f2e213eba9ed847e28f16bcd23b5d0c524eed99bf
  • SSDEEP: 1536:PaIqghXuTTReAnaaj5oNli1NBjy5YZfclProNVU4qNVUrk/9QbfBr+7GwKrPAsqE:7qfte0ljSw1NByqcltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target: 4007a647a04ef9b59c1a3e70b9d1770fbc36ffe3693577dfa5f55ef4e76e166d
    • Size: 163KB
    • MD5: 2cb32823aad20ce95c21f69e5757039a
    • SHA1: 9025a5bfb51f0a587519d540b14c1b08d919807f
    • SHA256: 4007a647a04ef9b59c1a3e70b9d1770fbc36ffe3693577dfa5f55ef4e76e166d
    • SHA512: f83335d978c1ec07cdb163069cbd798d2b6daceb468d4f0fe587defdbac07fa03b3017491a26cf2dbb94968f2e213eba9ed847e28f16bcd23b5d0c524eed99bf
    • SSDEEP: 1536:PaIqghXuTTReAnaaj5oNli1NBjy5YZfclProNVU4qNVUrk/9QbfBr+7GwKrPAsqE:7qfte0ljSw1NByqcltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Gozi: Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.
    • Detects executables built or packed with the MPRESS PE compressor
    • UPX dump on OEP (original entry point)
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks