General

  • Target: loadre_build.zip
  • Size: 9KB
  • Sample: 240602-meplzsac6t
  • MD5: 43f28306f7e1c0cf5dcec43806e8d1ad
  • SHA1: 3577501518c27faac1b9de88c52911a193a9c997
  • SHA256: ccd7ad4a937c637ea55fd26d17c80b4b1874c9997e8e60cd726865e145da869a
  • SHA512: 25ff6e25263ea353313afc194e74be387b6b66844b32f50d63dfac9d62668155c10fb34a1c1c62d5333c4ab4e675c43c59b7d3d0ff2be11eb5ccc5c84dbc39ae
  • SSDEEP: 192:xouiCQRhwJwOycz+bcy9GWhycTnhDX3HtjhNDl:GhQdycjO/rrhXjxl

Malware Config

Extracted

Family

gozi

Targets

    • Target: loadre.exe
    • Size: 11KB
    • MD5: 5e11511f8c86bd3670d94ff9df0a4b50
    • SHA1: b818702166d30936ec30a3ee5485325c140f9323
    • SHA256: 09e10f9ecb7c6e3d94302619b6b265ba688a448be06b1da898e73b54c5505f84
    • SHA512: 4ed042ee76d870c46d9de9dae7a063bb28aa3a1f31de6db6933600ad5602e982b1eb13efc471d886cd5a147f746708aa46a437e89c3f7316a7d8f6176ff784b5
    • SSDEEP: 192:5k8Js2ZtezIgMX3dYeydFntOJ3wIksunO5425:5karmIgMX3dYeydFtOJ3wKuq

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks