General

  • Target

    7bd1791d0c3cb9d63e641fb2002726b45c189a58d4d9951a29e2a08c3627e3dc

  • Size

    163KB

  • Sample

    240518-21d5psdb37

  • MD5

    2c581380bd8412381f24d49e6cc3f4cb

  • SHA1

    bddc7da41b44b4049e9c9f6d831fee2c0ab57510

  • SHA256

    7bd1791d0c3cb9d63e641fb2002726b45c189a58d4d9951a29e2a08c3627e3dc

  • SHA512

    464c52477bd06a34418129e1d1eca0cdeb1f6f6d19ee652ed9e108501c40c58a980e654dbf80e348ae826c9a0bedd5aae6c3942d9741a920a519e979b0b51a00

  • SSDEEP

    1536:PRb6ojY+LowzM3lD1qvFlB3allProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:5LFaqNlBalltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      7bd1791d0c3cb9d63e641fb2002726b45c189a58d4d9951a29e2a08c3627e3dc

    • Size

      163KB

    • MD5

      2c581380bd8412381f24d49e6cc3f4cb

    • SHA1

      bddc7da41b44b4049e9c9f6d831fee2c0ab57510

    • SHA256

      7bd1791d0c3cb9d63e641fb2002726b45c189a58d4d9951a29e2a08c3627e3dc

    • SHA512

      464c52477bd06a34418129e1d1eca0cdeb1f6f6d19ee652ed9e108501c40c58a980e654dbf80e348ae826c9a0bedd5aae6c3942d9741a920a519e979b0b51a00

    • SSDEEP

      1536:PRb6ojY+LowzM3lD1qvFlB3allProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:5LFaqNlBalltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks