General
-
Target
a9a562b7eb3f0b92ff2033c3d2ff67256df9cf94b80b197d084c376fd602d189
-
Size
163KB
-
Sample
240525-catp2aag37
-
MD5
7319d5391ebbd3d6f711f2d38ef84061
-
SHA1
3c473afaf767eac384bd57fdc9d49d8bd8ccc75e
-
SHA256
a9a562b7eb3f0b92ff2033c3d2ff67256df9cf94b80b197d084c376fd602d189
-
SHA512
6dbc596ffc21adf13c382fdede6e769a32dd86fef4d518ea861813a8746ee3d0f23eb25a470a524c240f85a8516c548703453aa0260accfff017713238de8145
-
SSDEEP
1536:PKqgt4xfIR3G1PhujmlFzoLYyNx9V4lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:i9t4xf+LYSx9OltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
a9a562b7eb3f0b92ff2033c3d2ff67256df9cf94b80b197d084c376fd602d189
-
Size
163KB
-
MD5
7319d5391ebbd3d6f711f2d38ef84061
-
SHA1
3c473afaf767eac384bd57fdc9d49d8bd8ccc75e
-
SHA256
a9a562b7eb3f0b92ff2033c3d2ff67256df9cf94b80b197d084c376fd602d189
-
SHA512
6dbc596ffc21adf13c382fdede6e769a32dd86fef4d518ea861813a8746ee3d0f23eb25a470a524c240f85a8516c548703453aa0260accfff017713238de8145
-
SSDEEP
1536:PKqgt4xfIR3G1PhujmlFzoLYyNx9V4lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:i9t4xf+LYSx9OltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-