General

  • Target

    0b358303a555711fa128a3d62a9740d0N.exe

  • Size

    163KB

  • Sample

    240708-jd1q3syekk

  • MD5

    0b358303a555711fa128a3d62a9740d0

  • SHA1

    22ee9edf9d5f1f01b00f01c9e9de1c6ad5b4eca0

  • SHA256

    0a8bcbabd5e2efc6ddb5123382ae96eacf081643fe0f5b8e0116758c14e45f6f

  • SHA512

    253ff83c65533aa7554c8fdb6f9592445465bcbe375a831812db082ab9b40ed8bdd383ee6fbe292fae8a5a105a0809dbfe9aba73069d510088f04f1d54e12848

  • SSDEEP

    1536:PPzKlsk1oYI9mijLivlAsGgaaK3lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:nU2YI9nPiv2JgFwltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      0b358303a555711fa128a3d62a9740d0N.exe

    • Size

      163KB

    • MD5

      0b358303a555711fa128a3d62a9740d0

    • SHA1

      22ee9edf9d5f1f01b00f01c9e9de1c6ad5b4eca0

    • SHA256

      0a8bcbabd5e2efc6ddb5123382ae96eacf081643fe0f5b8e0116758c14e45f6f

    • SHA512

      253ff83c65533aa7554c8fdb6f9592445465bcbe375a831812db082ab9b40ed8bdd383ee6fbe292fae8a5a105a0809dbfe9aba73069d510088f04f1d54e12848

    • SSDEEP

      1536:PPzKlsk1oYI9mijLivlAsGgaaK3lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:nU2YI9nPiv2JgFwltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks