General

  • Target

    e27c8d8dfa76a905696b912da41cd1c56f3c340136df3624a63168c089b20274

  • Size

    163KB

  • Sample

    240730-dwv1natdrk

  • MD5

    89abf5e1646af9c337977b04788b4f91

  • SHA1

    b80f79cec950db70c16e5d81313581e13ac944bd

  • SHA256

    e27c8d8dfa76a905696b912da41cd1c56f3c340136df3624a63168c089b20274

  • SHA512

    5691601d2ce8ecaa8ca7bca5c5016af794556eec2ac577e6963968bfddb20ddd303c3a439f2b6b49ac8c8aae15e34281b261bf8974b3b1a3c89594fd051eb228

  • SSDEEP

    3072:oCWth5+X5QamIlrGTG0v/qi5D4LQF5ltOrWKDBr+yJb:4tAmamkyTGfQF5LOf

Malware Config

  • Extracted

    Family: gozi

Targets

    • Target

      e27c8d8dfa76a905696b912da41cd1c56f3c340136df3624a63168c089b20274

    • Size

      163KB

    • MD5

      89abf5e1646af9c337977b04788b4f91

    • SHA1

      b80f79cec950db70c16e5d81313581e13ac944bd

    • SHA256

      e27c8d8dfa76a905696b912da41cd1c56f3c340136df3624a63168c089b20274

    • SHA512

      5691601d2ce8ecaa8ca7bca5c5016af794556eec2ac577e6963968bfddb20ddd303c3a439f2b6b49ac8c8aae15e34281b261bf8974b3b1a3c89594fd051eb228

    • SSDEEP

      3072:oCWth5+X5QamIlrGTG0v/qi5D4LQF5ltOrWKDBr+yJb:4tAmamkyTGfQF5LOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks