General

  • Target

    03ca5105b17b598894ba299a5422797681157802eefc494996946b4af87f9c64

  • Size

    163KB

  • Sample

    240616-wtn4fa1fkc

  • MD5

    3c5a0ca36bea72e589ad62f572c30299

  • SHA1

    832357b1fea77b0b69758ec81cd9321f42f198cc

  • SHA256

    03ca5105b17b598894ba299a5422797681157802eefc494996946b4af87f9c64

  • SHA512

    e91096ca18830632deb4cd1fc22c5e137f22c5842222b0df0b2126d6f35ba4b39e252bc6a74443d3089557215b47fa48b28d16cbcd96f11af012f27b2544bbff

  • SSDEEP

    3072:2vymN7zMt8cneqZ17upp1ytX9d673EQujt2ltOrWKDBr+yJb:2chRhubKO22LOf

Malware Config

Extracted

  • Family

    gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Detects executables built or packed with MPress PE compressor

    • UPX dump on OEP (original entry point)

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15