General

  • Target

    354478fe7f685fc854c7d1cc0cb36ba6b324cd6121b2aefc902f158836bde57b

  • Size

    163KB

  • Sample

    240601-yxsbdadf6w

  • MD5

    a0fdc98f2a0237d8901a7b6b3463b23d

  • SHA1

    57fa1d3a6001537599dfa8acfcba21c3bc6d9d8a

  • SHA256

    354478fe7f685fc854c7d1cc0cb36ba6b324cd6121b2aefc902f158836bde57b

  • SHA512

    47ba224b5ddb00599cb1d1ef4a498b99be3375903ccf12d9a212f14cf1e49a6088f18a91033e15ea392e7f5a9cb9130c2c37fae0bed9d4bd4dab1aecfbf47fab

  • SSDEEP

    1536:PtYAtggM+s9Bl0R+wa1HN335mn4lxRinlProNVU4qNVUrk/9QbfBr+7GwKrPAsqE:VrmgM+sR0EM4ljinltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks