General

  • Target

    ce9ebc8da12dc67aae12396c99b248056a7bc906b9e9c421fef34d9de349bdd0

  • Size

    163KB

  • Sample

    240731-fq11tsscnb

  • MD5

    bbec278878fb5bbccec26299315ad4a4

  • SHA1

    8267237a46bf686414f52e8cb5825bda6cc53398

  • SHA256

    ce9ebc8da12dc67aae12396c99b248056a7bc906b9e9c421fef34d9de349bdd0

  • SHA512

    8806f9baafe429bcf857a2fec0c263122a608446d479e0df2970a0b3e723a7aece5e786496e5900a76a626512758590361bef23dd0450cbcf10b98d32068a4ec

  • SSDEEP

    3072:7w5VxARzFS6cDjq8UFApNjZWJltOrWKDBr+yJb:7w5VxARzFS6cDjq8DpNjZWJLOf

Malware Config (Extracted)

  • Family

    gozi

Targets

    • Target

      ce9ebc8da12dc67aae12396c99b248056a7bc906b9e9c421fef34d9de349bdd0

    • Size

      163KB

    • MD5

      bbec278878fb5bbccec26299315ad4a4

    • SHA1

      8267237a46bf686414f52e8cb5825bda6cc53398

    • SHA256

      ce9ebc8da12dc67aae12396c99b248056a7bc906b9e9c421fef34d9de349bdd0

    • SHA512

      8806f9baafe429bcf857a2fec0c263122a608446d479e0df2970a0b3e723a7aece5e786496e5900a76a626512758590361bef23dd0450cbcf10b98d32068a4ec

    • SSDEEP

      3072:7w5VxARzFS6cDjq8UFApNjZWJltOrWKDBr+yJb:7w5VxARzFS6cDjq8DpNjZWJLOf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15