Overview

overview

10

Static

static

3

2d51fb542a...b2.exe

windows7-x64

10

2d51fb542a...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

  • Size

    163KB

  • Sample

    240724-yt7xnavblr

  • MD5

    aced590fe183b53eab11373386804861

  • SHA1

    f8e47918d7658e43704dbe77279217a404fcec87

  • SHA256

    2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

  • SHA512

    f6534dd8680c0082c5e0b857ac5327a1841a81869c41b94bfbc4b14ac87ae28c3d5ced1a06356d88e00193a7307dcccc6b61fbfdd6dc994f4be2dc3beec8fee9

  • SSDEEP

    1536:POH5lTJMcrqUG2aUl4klProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:IegdHaUCkltOrWKDBr+yJb

Score
10/10
gozibankerdiscoveryisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

    • Size

      163KB

    • MD5

      aced590fe183b53eab11373386804861

    • SHA1

      f8e47918d7658e43704dbe77279217a404fcec87

    • SHA256

      2d51fb542ad40e580a7fc9451dcf1575aabcc88c32c44c477ab16e400be05cb2

    • SHA512

      f6534dd8680c0082c5e0b857ac5327a1841a81869c41b94bfbc4b14ac87ae28c3d5ced1a06356d88e00193a7307dcccc6b61fbfdd6dc994f4be2dc3beec8fee9

    • SSDEEP

      1536:POH5lTJMcrqUG2aUl4klProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:IegdHaUCkltOrWKDBr+yJb

    Score
    10/10
    gozibankerdiscoveryisfbpersistencetrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks