General

  • Target: a24a6c5affcd91920c4654d9ede6189f_JaffaCakes118
  • Size: 118KB
  • Sample: 240612-zky4tszbph
  • MD5: a24a6c5affcd91920c4654d9ede6189f
  • SHA1: a18d5eb5632adbfe029b75def4a42f003246f103
  • SHA256: 65fdfc9da060d5159927338fc73c3451456d595eb42352b00958a42fb7982e18
  • SHA512: 675d4649c92ecd7d7042df3b196b508b11d2b70ddb8ca2fceb6ae619caae35f8728cab8349049da2d19a39dd902b729c15acf4e6d2942a8526f7fd3974876afc
  • SSDEEP: 3072:XiqkeTlA7wM8Wz9fvPCbdXu9zDDWsIHgvv9HnX6K:bJCzu

Malware Config (Extracted)

  • Family: gozi

Targets

    (Target, size and hashes for this target are listed once under General above.)

    Score: 10/10

    • Gozi
      Gozi is a well-known and widely distributed banking trojan.
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks