gozi | 6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8 | Triage

Submit
Reports

Overview

overview

Static

static

6ee0d3b7d3...f8.exe

windows7-x64

6ee0d3b7d3...f8.exe

windows10-2004-x64

Sharing

General

Target

6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8
Size

2.1MB
Sample

240728-3pkzjswcla
MD5

a5fa992a280bd7337cb07f6389d7ef30
SHA1

860be4799e56605f0f69c296add73b41ad28d61b
SHA256

6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8
SHA512

3bf56964a21182cae852cc289d81c1d2bf268efb7b06fee7d4f7b9018b0bc25817eeb9c21bde9dfedb9568ba222b51e13582eceb84a2bc670789a0db9655e458
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNGihqQW:BemTLkNdfE0pZrk

Score

10^/10

gozi xmrig banker isfb miner trojan upx

Static task

static1

miner upx xmrig

4 signatures

Behavioral task

behavioral1

Sample

6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8.exe

Resource

win7-20240729-en

gozi xmrig banker isfb miner trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8.exe

Resource

win10v2004-20240709-en

xmrig miner upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8
- Size
  
  2.1MB
- MD5
  
  a5fa992a280bd7337cb07f6389d7ef30
- SHA1
  
  860be4799e56605f0f69c296add73b41ad28d61b
- SHA256
  
  6ee0d3b7d338b3842a18e9a23cc822181f769eb62e319feb1e263c123cdafdf8
- SHA512
  
  3bf56964a21182cae852cc289d81c1d2bf268efb7b06fee7d4f7b9018b0bc25817eeb9c21bde9dfedb9568ba222b51e13582eceb84a2bc670789a0db9655e458
- SSDEEP
  
  49152:BezaTF8FcNkNdfE0pZ9ozt4wIXGJLuIaRNGihqQW:BemTLkNdfE0pZrk
Score

10^/10

gozi xmrig banker isfb miner trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

gozixmrigbankerisfbminertrojanupx

behavioral2

© 2018-2024

Terms | Privacy