General
-
Target
c24b23e85c4834312e815036a8e9dd70bee45bdff070897f6094a1eb331c1942
-
Size
163KB
-
Sample
240612-efv66azgkq
-
MD5
8638b9e7dc510aca92f8b48ffe11c8da
-
SHA1
5fdcee158fd68155bca04dc939f014dd184b417e
-
SHA256
c24b23e85c4834312e815036a8e9dd70bee45bdff070897f6094a1eb331c1942
-
SHA512
6df17382d27a8755f138dd41b27c58f7c9093cc541cb750c4ba3cc96492c6149ee3ceed5626312d035695d5195b8c451f47df4e08257e53996db9fa8177f4f51
-
SSDEEP
1536:PtkGKDoSdsOLKAAWGDMBEnlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:lknZKHWGDuEnltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
c24b23e85c4834312e815036a8e9dd70bee45bdff070897f6094a1eb331c1942
-
Size
163KB
-
MD5
8638b9e7dc510aca92f8b48ffe11c8da
-
SHA1
5fdcee158fd68155bca04dc939f014dd184b417e
-
SHA256
c24b23e85c4834312e815036a8e9dd70bee45bdff070897f6094a1eb331c1942
-
SHA512
6df17382d27a8755f138dd41b27c58f7c9093cc541cb750c4ba3cc96492c6149ee3ceed5626312d035695d5195b8c451f47df4e08257e53996db9fa8177f4f51
-
SSDEEP
1536:PtkGKDoSdsOLKAAWGDMBEnlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:lknZKHWGDuEnltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-