General

  • Target

    ab658be34de44b7d62af55045d334800N.exe

  • Size

    163KB

  • Sample

    240731-nxfmga1erl

  • MD5

    ab658be34de44b7d62af55045d334800

  • SHA1

    68d15de16b890a7d66885062927baea3b8c956d7

  • SHA256

    00c5aaad806e5c02364597f2f4b7894a0a942cd1fbdf4d6698ccb62fe404f5c2

  • SHA512

    00775a09fe5d188825ff4726a3cf558ba51b8bad6551ed080aa1fcea850e027912502ff7c3ac22781612f776a0849d6460c655706133aee9d99f90936013d350

  • SSDEEP

    1536:PPltgpUD7wQMl+FFZhqNmTuEB7pdWqllProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:nHgeD7bFFfO/EB72SltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks