Overview

overview

10

Static

static

3

dee9d4ccce...0N.exe

windows7-x64

10

dee9d4ccce...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dee9d4ccceb51b090da0a48609be47a0N.exe

  • Size

    163KB

  • Sample

    240725-s9554sycqq

  • MD5

    dee9d4ccceb51b090da0a48609be47a0

  • SHA1

    8526f7dff79fe6b27aa3e7861548dcc113a1f8a7

  • SHA256

    a9ed6c707a0e74c2cc0558b0569454b5abb88174be351c891dd0cfdac788c790

  • SHA512

    b375aa63aa4a3cedfaa6f88845494dfecb84a1d66bf53ca0cb45d2a9218507fb85358494b3acca505d00d8470ff8628f60a9f06846bd5605edfe237e2583d5f9

  • SSDEEP

    1536:Pdr9Z0HUjpatZJBA1U+je7LGjzlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:V9OUMLkDjzltOrWKDBr+yJb

Score
10/10
gozibankerdiscoveryisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      dee9d4ccceb51b090da0a48609be47a0N.exe

    • Size

      163KB

    • MD5

      dee9d4ccceb51b090da0a48609be47a0

    • SHA1

      8526f7dff79fe6b27aa3e7861548dcc113a1f8a7

    • SHA256

      a9ed6c707a0e74c2cc0558b0569454b5abb88174be351c891dd0cfdac788c790

    • SHA512

      b375aa63aa4a3cedfaa6f88845494dfecb84a1d66bf53ca0cb45d2a9218507fb85358494b3acca505d00d8470ff8628f60a9f06846bd5605edfe237e2583d5f9

    • SSDEEP

      1536:Pdr9Z0HUjpatZJBA1U+je7LGjzlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:V9OUMLkDjzltOrWKDBr+yJb

    Score
    10/10
    gozibankerdiscoveryisfbpersistencetrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks