Overview

overview

10

Static

static

10

b9f257a770...22.exe

windows7-x64

10

b9f257a770...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b9f257a77085fa24454f344a81c872e5f8fcc2088646345fd23b9554d8450f22

  • Size

    163KB

  • Sample

    240612-dyz3dszcpe

  • MD5

    48ece8e85ae677e976e36afc007196d7

  • SHA1

    489785357087eb275df293d0cdb171ababc35481

  • SHA256

    b9f257a77085fa24454f344a81c872e5f8fcc2088646345fd23b9554d8450f22

  • SHA512

    93d2d63f6bfd2a12bb4d340fa6641bd74d79abd959f5c7f4389762bc8f8ece27cd97ca8f4cdcf0a1967a3b55b193b916740d5cd6f6ecf6c088afc605670de974

  • SSDEEP

    3072:QIKkWlDpJhT96hYSvh3OfqltOrWKDBr+yJb:QIoD5Qdh3GqLOf

Score
10/10
gozibankerisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      b9f257a77085fa24454f344a81c872e5f8fcc2088646345fd23b9554d8450f22

    • Size

      163KB

    • MD5

      48ece8e85ae677e976e36afc007196d7

    • SHA1

      489785357087eb275df293d0cdb171ababc35481

    • SHA256

      b9f257a77085fa24454f344a81c872e5f8fcc2088646345fd23b9554d8450f22

    • SHA512

      93d2d63f6bfd2a12bb4d340fa6641bd74d79abd959f5c7f4389762bc8f8ece27cd97ca8f4cdcf0a1967a3b55b193b916740d5cd6f6ecf6c088afc605670de974

    • SSDEEP

      3072:QIKkWlDpJhT96hYSvh3OfqltOrWKDBr+yJb:QIoD5Qdh3GqLOf

    Score
    10/10
    persistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks