General

  • Target: EacDriverBE.zip
  • Size: 4.7MB
  • Sample: 240527-tjyh1shg6v
  • MD5: 037e1a81299dccb9cfae3f27fda2d046
  • SHA1: 52b0fbc930bfb72a4775d39da91c69d46734c00a
  • SHA256: d4fd84db4cd115337bc9d97179df644966942b5f0574e0df6551cf32cfd869a2
  • SHA512: 31f4c453a1240f657b627704fb0a4696055b470521bb7652257588e343bb6ea2531650dc8e03ffcd4253058a5b14a4fe5e1011856e97ea3f12439fac959fd312
  • SSDEEP: 98304:nrx2fHCQ+pGZf7h4Ps7Fik7PEhJtvtXogrf4EKDTplvgKj1TEjacMfI07Uvs/oqg:AfHCQT7h4U7gk7PEhbZo0f4EKXvgKBmf

Score: 10/10

Malware Config

Extracted family: gozi

Targets

    • Target: EacDriverBE.exe
    • Size: 11KB
    • MD5: c6b2c74b647dcbbea223c51925c5c7dd
    • SHA1: 071fa2b1394d2c95553149fd5eb643e0291927b3
    • SHA256: c5f1d37d96ed0788783f626a376144f85887a182155fed3b637744d9d9215a22
    • SHA512: ff1d378751d2722c165293b1dbefccc9aad42cb653f20178bbcbbc3318d6da0592e9099b7030f268c7cd60bc3e782ed2d66ddbf485391596f659b1e4c3c47b6c
    • SSDEEP: 192:5S8JnK2fj6JIFjsJwpVwP456gijoVIgMa42JjrUxF59ooFIda:5S92L5FIJw/wgAjE7MeJvYooFi
    • Score: 10/10

    Signatures:
    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target: obs.exe
    • Size: 6.5MB
    • MD5: 0ec68a9e8e307c5524a3ed3b4af0aa25
    • SHA1: f104cf37be5ce21697ccb298d702622a40175498
    • SHA256: cfa5a87d7abdcfb6275e97e4d6ebba3de10267076e92dbac096bbb00b0db8a81
    • SHA512: cdd6d773921af10a81674294902531b0606038433db26bc0e8ed8a5b2ff559fe3ad28d2bfb29fcac738d83199b98aa01bf2ff0ada37cc328831c229c2f6a5369
    • SSDEEP: 98304:YscLPkFKpdZpWBs97iYfPAJXfF/6mwcLqNUYL5vgejxTEfIUbXAgribh52uW:YJPrZpWS9WYfPAJNZOvgeNmbX54b9
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution: Scheduled Task/Job (T1053), 1 signature
  • Persistence: Scheduled Task/Job (T1053), 1 signature
  • Privilege Escalation: Scheduled Task/Job (T1053), 1 signature
  • Discovery: System Information Discovery (T1082), 2 signatures; Query Registry (T1012), 1 signature; Peripheral Device Discovery (T1120), 1 signature
  • Command and Control: Web Service (T1102), 1 signature

Tasks