gozi

General

Target

2024-07-26_97834990b4e54a935612e5e8b39fca0b_avoslocker_cobalt-strike_raccoonstealer_wapomi
Size

589KB
Sample

240726-m2ds1atdqn
MD5

97834990b4e54a935612e5e8b39fca0b
SHA1

e663ada1cd97047fb9e6dc55af7950e84ab72717
SHA256

cdfe4848ff55e19e93b18046cfa40283bc3b6927a6e3bb9274c2aedc554c1d65
SHA512

187bb343d0581123046149fce3a6477fef64d86e480708d8a8238f5ea3ac36e0cc388f70c4f90c59e02276626bbd2cd8ffd94e5678d60295b33e079635386e48
SSDEEP

12288:05ntsDk51T1v2AqWsmCsWZC6cm3mS5Osw4KT5uImXzsMji8WhoQm6f:Ontso1T1v2AVZXWZZqRqUuI

Score

10^/10

Malware Config

Extracted

Family

gozi

Extracted

Family

raccoon

Version

1.7.3

Botnet

c021300d0074689fde86c87568e215c582272721

Attributes

url4cnc
https://tttttt.me/ch0koalpengold

rc4.plain

Targets

- Target
  
  2024-07-26_97834990b4e54a935612e5e8b39fca0b_avoslocker_cobalt-strike_raccoonstealer_wapomi
- Size
  
  589KB
- MD5
  
  97834990b4e54a935612e5e8b39fca0b
- SHA1
  
  e663ada1cd97047fb9e6dc55af7950e84ab72717
- SHA256
  
  cdfe4848ff55e19e93b18046cfa40283bc3b6927a6e3bb9274c2aedc554c1d65
- SHA512
  
  187bb343d0581123046149fce3a6477fef64d86e480708d8a8238f5ea3ac36e0cc388f70c4f90c59e02276626bbd2cd8ffd94e5678d60295b33e079635386e48
- SSDEEP
  
  12288:05ntsDk51T1v2AqWsmCsWZC6cm3mS5Osw4KT5uImXzsMji8WhoQm6f:Ontso1T1v2AVZXWZZqRqUuI
Score

10^/10

gozi raccoon c021300d0074689fde86c87568e215c582272721 aspackv2 banker discovery isfb stealer trojan
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer V1 payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Raccoon

Raccoon Stealer V1 payload

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2