General

  • Target: 85515ce91e102b5dda3fa0a45a0d4a00N.exe
  • Size: 163KB
  • Sample: 240731-hxc9fsxama
  • MD5: 85515ce91e102b5dda3fa0a45a0d4a00
  • SHA1: 8f4f1e9ceb97706f2ab832475437ef4f0fe948fd
  • SHA256: 0da911989d9aa830a64bffbea726b8390ca70cf70dbab445a2f82beec094024d
  • SHA512: e96c5f06bbfa5edbe0fc00b7da85acd4eb1404b4df60c41d5a913a59c41d12eee3b850797adfae3ea30dcc7a1a2035855938db7f97559499afc64db3b9d95506
  • SSDEEP: 1536:P/sYLjOsy++uNfspHMF+AHrRtJPgvlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:M4nz+uRFDPgvltOrWKDBr+yJb

Malware Config

Extracted

  • Family: gozi

Targets

    • Target: 85515ce91e102b5dda3fa0a45a0d4a00N.exe
    • Size: 163KB
    • MD5: 85515ce91e102b5dda3fa0a45a0d4a00
    • SHA1: 8f4f1e9ceb97706f2ab832475437ef4f0fe948fd
    • SHA256: 0da911989d9aa830a64bffbea726b8390ca70cf70dbab445a2f82beec094024d
    • SHA512: e96c5f06bbfa5edbe0fc00b7da85acd4eb1404b4df60c41d5a913a59c41d12eee3b850797adfae3ea30dcc7a1a2035855938db7f97559499afc64db3b9d95506
    • SSDEEP: 1536:P/sYLjOsy++uNfspHMF+AHrRtJPgvlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:M4nz+uRFDPgvltOrWKDBr+yJb

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks