gozi | e50407b62502bfc2fe94c97e0d1af3871269596b8de3384df4dbb92f90de17c6 | Triage

Sharing

General

Target

524aed944b7f307eea5677eda7e2079a_JaffaCakes118
Size

111KB
Sample

240717-kwxykswgng
MD5

524aed944b7f307eea5677eda7e2079a
SHA1

ed1078869941db13e29791132f4350d7bdfa2209
SHA256

e50407b62502bfc2fe94c97e0d1af3871269596b8de3384df4dbb92f90de17c6
SHA512

712d47cd629194d7e1ed4b97bed5fbb8e9aad5339bd6c514d4327b35ce9e8332899563528f2ac9934d300d32c6412b83cc55f863cdc8ca82fe1c1334d57eadce
SSDEEP

1536:vqy7hkeaG0g5VskxIJ0AUr+rUV8XqFAMkkMggtjG5piYZXKz0tC:fhkEsoIu8UrVMggty5pFZ1

Score

10^/10

gozi isfb persistence

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  524aed944b7f307eea5677eda7e2079a_JaffaCakes118
- Size
  
  111KB
- MD5
  
  524aed944b7f307eea5677eda7e2079a
- SHA1
  
  ed1078869941db13e29791132f4350d7bdfa2209
- SHA256
  
  e50407b62502bfc2fe94c97e0d1af3871269596b8de3384df4dbb92f90de17c6
- SHA512
  
  712d47cd629194d7e1ed4b97bed5fbb8e9aad5339bd6c514d4327b35ce9e8332899563528f2ac9934d300d32c6412b83cc55f863cdc8ca82fe1c1334d57eadce
- SSDEEP
  
  1536:vqy7hkeaG0g5VskxIJ0AUr+rUV8XqFAMkkMggtjG5piYZXKz0tC:fhkEsoIu8UrVMggty5pFZ1
Score

8^/10

persistence
- Server Software Component: Terminal Services DLL
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Server Software Component

Terminal Services DLL

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2