gozi | d3931ee10daf52359a7591418690f97d4dd2c053624b231358e433f9e58769ca | Triage

Sharing

General

Target

3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118
Size

100KB
Sample

240712-kv1cbawfpp
MD5

3cb96fe79aa01c82ac68c54e88918e57
SHA1

19b9133e860fcebb612c45c1d16c5aaa37a6c8a1
SHA256

d3931ee10daf52359a7591418690f97d4dd2c053624b231358e433f9e58769ca
SHA512

93231ac90d25879bf27894a6f34b1518c46415eb895e1662df2b42b0dd841b60b9dc7b130c3a704aac24ee33cf4ced080fe575415efb978e28387e1827150b92
SSDEEP

1536:RgResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:a3S/CY7GQT9iqx0XYg7/

Score

10^/10

gozi isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  3cb96fe79aa01c82ac68c54e88918e57_JaffaCakes118
- Size
  
  100KB
- MD5
  
  3cb96fe79aa01c82ac68c54e88918e57
- SHA1
  
  19b9133e860fcebb612c45c1d16c5aaa37a6c8a1
- SHA256
  
  d3931ee10daf52359a7591418690f97d4dd2c053624b231358e433f9e58769ca
- SHA512
  
  93231ac90d25879bf27894a6f34b1518c46415eb895e1662df2b42b0dd841b60b9dc7b130c3a704aac24ee33cf4ced080fe575415efb978e28387e1827150b92
- SSDEEP
  
  1536:RgResSzjBEY7AmycmyTOOiq7NPsS5A9M3jj+kEPDKgf:a3S/CY7GQT9iqx0XYg7/
Score

7^/10
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2