General

  • Target

    c8c712ef99395b3af9f43695f32f2f331a9418f8d925e2bad39b388c93bcc5d0

  • Size

    163KB

  • Sample

    240730-cmvg4asepm

  • MD5

    d963c477fe2901f9f68f289e578c38cd

  • SHA1

    dbf3b263449b0c275d7e54e5c665ebd18888f39f

  • SHA256

    c8c712ef99395b3af9f43695f32f2f331a9418f8d925e2bad39b388c93bcc5d0

  • SHA512

    17f728edbfb54f45ad1c0984b5dba3bc385316a258bc428ed14796a75c04e6a76ec0ee5ae19cb02729f9c681ab3629b4ea96ebc88cac63b381a231b2fac8df10

  • SSDEEP

    1536:PAx+IwtwKvMXJAMAHKQ3Qo1yeeJwHxlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:IUlwK07gKKZHxltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15