General

  • Target

    139947a174adfc05634f9737e1cdf0a9dbc797e3a6c7d035945dc9a9ad68df02

  • Size

    163KB

  • Sample

    240730-xm6kksxhlf

  • MD5

    c9237101df63f4910fce55490f20bb6f

  • SHA1

    c8d079573b9f5060b5b5564e7f84265d232c5bf3

  • SHA256

    139947a174adfc05634f9737e1cdf0a9dbc797e3a6c7d035945dc9a9ad68df02

  • SHA512

    1c9cfc719253d1b3cc8cdf88770c4532ae680154dbc53b0fca3e3eb058241155e1b3e6102685cc2f1915a89d455e748274eca1aed42fcf8e02161b7d47eef3d2

  • SSDEEP

    3072:LsGuPxG5usLl8uUj2oMdltOrWKDBr+yJb:LoPu6uUjNMdLOf

Malware Config

Extracted

Family

gozi

Targets

    • Target

      139947a174adfc05634f9737e1cdf0a9dbc797e3a6c7d035945dc9a9ad68df02

    • Size

      163KB

    • MD5

      c9237101df63f4910fce55490f20bb6f

    • SHA1

      c8d079573b9f5060b5b5564e7f84265d232c5bf3

    • SHA256

      139947a174adfc05634f9737e1cdf0a9dbc797e3a6c7d035945dc9a9ad68df02

    • SHA512

      1c9cfc719253d1b3cc8cdf88770c4532ae680154dbc53b0fca3e3eb058241155e1b3e6102685cc2f1915a89d455e748274eca1aed42fcf8e02161b7d47eef3d2

    • SSDEEP

      3072:LsGuPxG5usLl8uUj2oMdltOrWKDBr+yJb:LoPu6uUjNMdLOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks