Overview

overview

10

Static

static

3

injector_build.zip

windows11-21h2-x64

1

injector.exe

windows11-21h2-x64

10

Resubmissions

01-06-2024 18:34

240601-w76kmsca62 10

01-06-2024 18:27

240601-w3wjwabg56 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    injector_build.zip

  • Size

    8KB

  • Sample

    240601-w3wjwabg56

  • MD5

    5e475aefad0255db8384381cee0df7b0

  • SHA1

    efd65b003211aee84e5f770d786458f5aadbafff

  • SHA256

    8d89606427eeaf7fca903d0b940cec31e03e93b5b5ee7e620d1944aa70469e85

  • SHA512

    35d63a3060ed1a30e66b7029e3ab13de19de8c253315efdb484a6085edb5c21de3862f8fe093cbf35023f93b414b684e1ae3f1e6559223f4db3c160ac7a04e86

  • SSDEEP

    192:t2fq259obpfsxZy/FJBk88rgfnNOyGN/YNMfTgfUQL4q9qtu:Gq25Wpfqy/F7k88u/GNOMfkcQkq9qtu

Score
10/10
gozibankerisfbspywarestealertrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      injector_build.zip

    • Size

      8KB

    • MD5

      5e475aefad0255db8384381cee0df7b0

    • SHA1

      efd65b003211aee84e5f770d786458f5aadbafff

    • SHA256

      8d89606427eeaf7fca903d0b940cec31e03e93b5b5ee7e620d1944aa70469e85

    • SHA512

      35d63a3060ed1a30e66b7029e3ab13de19de8c253315efdb484a6085edb5c21de3862f8fe093cbf35023f93b414b684e1ae3f1e6559223f4db3c160ac7a04e86

    • SSDEEP

      192:t2fq259obpfsxZy/FJBk88rgfnNOyGN/YNMfTgfUQL4q9qtu:Gq25Wpfqy/F7k88u/GNOMfkcQkq9qtu

    Score
    1/10
    behavioral1

    • Target

      injector.exe

    • Size

      12KB

    • MD5

      ea74d941f3d9b92bd05de9ef96b5f6c5

    • SHA1

      e912ddd0828cbef8ff6555818fabf06e235d08f5

    • SHA256

      fe6a6d1e57b00eef714b1e3bedbc96a786f6749d6eb822bc14a7a7e4913ce1b0

    • SHA512

      11cdb3412abb0acfc3598f89741691094147bd421d0f4fd21cc66bff3797e40e9ff0c8f913821b898759d67e852584fb868e705c4fa217618589f8078b2a3213

    • SSDEEP

      192:61Cs6L8OVuRWCfIvzYknpp4r0xv0iSe8GA7HaN+Xdzl4PFUZ8izxH8J+IBy:dsOxCfIvzFB5XE6OzlakrtHqo

    Score
    10/10
    gozibankerisfbspywarestealertrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral2

MITRE ATT&CK Enterprise v15

Tasks