General

  • Target

    0daf86478ef4ec5f60538235f7c93dc0N.exe

  • Size

    347KB

  • Sample

    240730-zxcrcsshqb

  • MD5

    0daf86478ef4ec5f60538235f7c93dc0

  • SHA1

    715ce97f85ada9e2e47dc7ae6c545a6b7bd71454

  • SHA256

    b8f3f8eadc948851da3506715b127afa3de4b6d62713684b7b75b76838ecf472

  • SHA512

    10785de1488b72e77b073957e1e88a361440811dc269e9204f9f406196aee736edea3f150f6eb30de5fbc18e0425f3f764b6b77e70ba9c3a41d3b5ccb6d59a2b

  • SSDEEP

    6144:0ZQKUzMiPpmfbKmuA75YL2wAe5ZbKmuA0bKmuUOl0n6auhLbKmuA75YL2wAe5:H3ObKotYye5ZbKo0bKcpn6auBbKotYyE

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      0daf86478ef4ec5f60538235f7c93dc0N.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
