General
-
Target
2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b.exe
-
Size
163KB
-
Sample
240519-l5wbsadd27
-
MD5
0850b37566b220b90fe4a49ae560ca10
-
SHA1
ff45341ae4a465791b4ff78cb1b16e74d5ed1377
-
SHA256
2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b
-
SHA512
32286aee577a0fdc328d0ce2b85e2140b5ca5d261e11f3301e15b5723fa7d2d37707b6de3787d6389e11586ee2bf38599ac33f149fd9a1f303e5a79a8f45ed78
-
SSDEEP
1536:PiK6OvtzgB53ZpeViHDPznjffbHDPL3z/7njvrXTfbHDPL3z/7njvrXTfbHDPL3C:OkzgHfcDbOHR7hltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b.exe
-
Size
163KB
-
MD5
0850b37566b220b90fe4a49ae560ca10
-
SHA1
ff45341ae4a465791b4ff78cb1b16e74d5ed1377
-
SHA256
2ee02a3784f9afdf20ee9fe30e7ef2f8449f5a907890b6f03504764d27cef70b
-
SHA512
32286aee577a0fdc328d0ce2b85e2140b5ca5d261e11f3301e15b5723fa7d2d37707b6de3787d6389e11586ee2bf38599ac33f149fd9a1f303e5a79a8f45ed78
-
SSDEEP
1536:PiK6OvtzgB53ZpeViHDPznjffbHDPL3z/7njvrXTfbHDPL3z/7njvrXTfbHDPL3C:OkzgHfcDbOHR7hltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-