Overview

overview

10

Static

static

3

8546cc881b...84.exe

windows7-x64

10

8546cc881b...84.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

  • Size

    163KB

  • Sample

    240726-aac16stbql

  • MD5

    d0578f12f8eab8176d04e5d2bff8b7de

  • SHA1

    3252372dc1908a52a38ea37f4e303b1b811c84d2

  • SHA256

    8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

  • SHA512

    bdc80e179b311e43a75184b95d8161934b70fdd8293e40d1262f1308353dab991a82776136d6cf220def233a9c2d7d0293305daeb2721af59fa7ff01f0ab0df4

  • SSDEEP

    1536:PXJ5egZM8e6jiHpCTVYfiwe9b+6a4KZnvWbqbjlProNVU4qNVUrk/9QbfBr+7Gw6:PS1ZnjltOrWKDBr+yJb

Score
10/10
gozibankerdiscoveryisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

    • Size

      163KB

    • MD5

      d0578f12f8eab8176d04e5d2bff8b7de

    • SHA1

      3252372dc1908a52a38ea37f4e303b1b811c84d2

    • SHA256

      8546cc881ba4e3760fc434fbff85e72730c6accaa739a1eb89d07d7d653ccc84

    • SHA512

      bdc80e179b311e43a75184b95d8161934b70fdd8293e40d1262f1308353dab991a82776136d6cf220def233a9c2d7d0293305daeb2721af59fa7ff01f0ab0df4

    • SSDEEP

      1536:PXJ5egZM8e6jiHpCTVYfiwe9b+6a4KZnvWbqbjlProNVU4qNVUrk/9QbfBr+7Gw6:PS1ZnjltOrWKDBr+yJb

    Score
    10/10
    discoverypersistencegozibankerisfbtrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks