Overview

overview

10

Static

static

3

a562e4fdfa...db.exe

windows7-x64

10

a562e4fdfa...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

  • Size

    163KB

  • Sample

    240724-bj35dssere

  • MD5

    ab894ae55ae593d835d947e18a9bd001

  • SHA1

    65faebaf2437352bb4a74f627a4a6a00b5942265

  • SHA256

    a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

  • SHA512

    cbdabecb433f9b5c2c305268ca937654b04eb241460b1240ff366d125ce1cc2dee7b70c87de4720d31a40ab6ae0747fdf9b6ed1dc695962f075ed6e022f8fa03

  • SSDEEP

    1536:POO29YX7ywR/ZWVRzb1SQn8lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Ngsf/ZWV3SQn8ltOrWKDBr+yJb

Score
10/10
gozibankerdiscoveryisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

    • Size

      163KB

    • MD5

      ab894ae55ae593d835d947e18a9bd001

    • SHA1

      65faebaf2437352bb4a74f627a4a6a00b5942265

    • SHA256

      a562e4fdfa82304acea4bed666bd71068a157728f629ed3d7f12e0e34be9bfdb

    • SHA512

      cbdabecb433f9b5c2c305268ca937654b04eb241460b1240ff366d125ce1cc2dee7b70c87de4720d31a40ab6ae0747fdf9b6ed1dc695962f075ed6e022f8fa03

    • SSDEEP

      1536:POO29YX7ywR/ZWVRzb1SQn8lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:Ngsf/ZWV3SQn8ltOrWKDBr+yJb

    Score
    10/10
    discoverypersistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks