General

  • Target

    6ece97cfcbc1c4751dfda494dabeffce92d64324d37e48d95ff7c8b818f9577f

  • Size

    163KB

  • Sample

    240730-3yh7bazfng

  • MD5

    ad2d0cfd41bf3615905c01aae8c508f9

  • SHA1

    65d70377f3ae7f2daf71e617899ae14464536797

  • SHA256

    6ece97cfcbc1c4751dfda494dabeffce92d64324d37e48d95ff7c8b818f9577f

  • SHA512

    908f0f02e3290d9086df4f16dc0db393fd7deadca5db79c2d134784cbc6dd5f00937dd93558ac577f5de54abd54238d2a2de5dd891d67679fc88c12bc3b853fe

  • SSDEEP

    1536:PR4d4pgqLGkfUCGAvHMNQXqNTW1MYGUB9fSEZBlProNVU4qNVUrk/9QbfBr+7Gw6:5PGs6NTW1tnrfSEZBltOrWKDBr+yJb

Malware Config

  • Extracted

    Family: gozi

Targets

    • Target

      6ece97cfcbc1c4751dfda494dabeffce92d64324d37e48d95ff7c8b818f9577f (163KB; the same file listed under General above, with identical MD5, SHA1, SHA256, SHA512 and SSDEEP values)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

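The "Adds autorun key to be loaded by Explorer.exe on startup" signature refers to Run keys that Explorer.exe itself processes at logon, as opposed to the Winlogon/Userinit chain. The report does not record which key or value this sample wrote, so the check below covers the Explorer-processed locations as a set. It is an added example for this page, not output of the sandbox or code from the sample: it parses a constructed .reg export (sample data, not taken from the analysed file), lists every string value under an Explorer Run key, and flags those whose command points into a user-writable path. The key list and the user-writable path heuristic are assumptions made here.

```python
"""Flag autorun entries that Explorer.exe loads at logon, parsed from a .reg export.

Added example for this report; not part of the sandbox output or the sample.
The .reg text below is constructed test data, not data from the analysed file.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Autorun keys processed by Explorer.exe itself rather than by the Winlogon/Userinit
# chain. Assumption: this is the location set the "loaded by Explorer.exe" signature
# refers to; the report does not say which of them the sample wrote to.
EXPLORER_RUN_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Explorer\Run",
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
)

# Path fragments that indicate a standard-user-writable location (heuristic).
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "%temp%", "%appdata%",
                       "\\programdata\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')
HEX2_RE = re.compile(r"^hex\(2\):(?P<hex>[0-9a-fA-F,]+)$")


@dataclass(frozen=True)
class AutorunHit:
    key: str             # full registry key path
    name: str            # value name
    command: str         # decoded command line
    user_writable: bool  # True if the command points into a user-writable path


def _join_continuations(reg_text: str) -> List[str]:
    """Merge .reg hex lines that continue onto the next line with a trailing backslash."""
    lines, buf = [], ""
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    return lines


def _decode_reg_string(data: str) -> Optional[str]:
    """Return the string payload of a REG_SZ or REG_EXPAND_SZ (.reg hex(2)) value."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])   # undo .reg escaping of \ and "
    m = HEX2_RE.match(data)
    if m:  # REG_EXPAND_SZ is exported as UTF-16LE hex
        raw = bytes.fromhex(m.group("hex").replace(",", ""))
        return raw.decode("utf-16-le").rstrip("\x00")
    return None  # DWORD, binary, etc.: not a command line


def find_explorer_autoruns(reg_text: str) -> List[AutorunHit]:
    """Return every string value under an Explorer-processed Run key."""
    hits: List[AutorunHit] = []
    current_key: Optional[str] = None
    for line in _join_continuations(reg_text):
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        if current_key is None or not any(
            current_key.lower().endswith(k.lower()) for k in EXPLORER_RUN_KEYS
        ):
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        cmd = _decode_reg_string(vm.group("data"))
        if cmd is None:
            continue
        lc = cmd.lower()
        hits.append(AutorunHit(current_key, vm.group("name"), cmd,
                               any(h in lc for h in USER_WRITABLE_HINTS)))
    return hits


def suspicious_autoruns(reg_text: str) -> List[AutorunHit]:
    """Explorer autorun entries whose target lives in a user-writable location."""
    return [h for h in find_explorer_autoruns(reg_text) if h.user_writable]


# Constructed .reg export (sample data for this example, not from the analysed file).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Run]
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\Updater\\updater.exe"
"Sync"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,\
  75,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Vendor"="C:\\Program Files\\Vendor\\agent.exe"
"""

if __name__ == "__main__":
    for hit in find_explorer_autoruns(SAMPLE_REG):
        flag = "SUSPICIOUS" if hit.user_writable else "review"
        print(f"[{flag}] {hit.key}\\{hit.name} -> {hit.command}")
```

On a live host the same logic applies to `reg export` output of HKCU and HKLM; the ordinary `CurrentVersion\Run` key is deliberately outside the match set here, because that is not the location the signature names. An entry under `Program Files` is still worth reviewing, since the heuristic only ranks by path, it does not prove legitimacy.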