gozi | 067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0 | Triage

Sharing

General

Target

6de813a22b2b73e330085ec7c85e041b_JaffaCakes118
Size

395KB
Sample

240725-dpvfjsybmb
MD5

6de813a22b2b73e330085ec7c85e041b
SHA1

2482482f64d49bd1fcf7f995291d1c22824c2e92
SHA256

067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0
SHA512

65c23c009f5926017f42ced2af528633af64f8274fb9f43103d61617d6de8d9a11fd00143813a43800af1a75d66d1b3a387fd6d5de88e4be3d0f6e51a52fa70b
SSDEEP

6144:yz3q2jSSIOrGPtU1PeMaMHMj1mnlKI1vW9plO4:+62joOr0slHymllWVO

Score

10^/10

gozi discovery isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  6de813a22b2b73e330085ec7c85e041b_JaffaCakes118
- Size
  
  395KB
- MD5
  
  6de813a22b2b73e330085ec7c85e041b
- SHA1
  
  2482482f64d49bd1fcf7f995291d1c22824c2e92
- SHA256
  
  067fca1211ab7cde65e58c057b3b8cbaf9aa6da891b7f3e9bd91b191eab649a0
- SHA512
  
  65c23c009f5926017f42ced2af528633af64f8274fb9f43103d61617d6de8d9a11fd00143813a43800af1a75d66d1b3a387fd6d5de88e4be3d0f6e51a52fa70b
- SSDEEP
  
  6144:yz3q2jSSIOrGPtU1PeMaMHMj1mnlKI1vW9plO4:+62joOr0slHymllWVO
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2