General

  • Target

    8c9201d9b3e0acaf93d6f6708eea6a20N.exe

  • Size

    163KB

  • Sample

    240802-l6f89azbma

  • MD5

    8c9201d9b3e0acaf93d6f6708eea6a20

  • SHA1

    8656101dcbf7ff59b9d182588fe77b4dc3579c12

  • SHA256

    101ebce74b34036d6f208ddd6ca270609b4d6cfde46268408a61611a9a48e22c

  • SHA512

    53a58b7207b57db358780421e57d3ce93ce3ce7462e8a0b43d5b5e2e5a57506d5c9e8493f65a398d753f0d10ade96f2fcec6fcc8160fcfc8a804dd6abca161c8

  • SSDEEP

    1536:PbRMYEvgl+KKe4zCavh6/PwxBVESDSJlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNy:1iYlbZMvh6Xi8SOJltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      8c9201d9b3e0acaf93d6f6708eea6a20N.exe


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
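
    The four behavioural signatures above are the sandbox's summary of observable events: a registry value written under a location Explorer.exe/Winlogon reads at logon, an executable written to disk and then started, a DLL written to disk and then mapped, and a write into System32. The following is an added example of how a host-based detection could reproduce those four verdicts from Sysmon-style telemetry; it is not Triage's own signature code, the event fields are modelled on Sysmon event IDs 1, 7, 11 and 13, the list of autorun keys and the System32 writer allow-list are assumptions (the page does not say which key this sample actually set), and the events and file names are constructed for the demonstration.

```python
"""Re-derive the sandbox's four behavioural verdicts from Sysmon-style events.

Added example, not the sandbox's own rules. Event shapes are modelled on
Sysmon: 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent (value set).
"""
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

# Registry locations read by Explorer.exe / Winlogon when a session starts.
# ASSUMPTION: a well-known subset; the page does not name the key this sample used.
EXPLORER_AUTORUN_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$",
        r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$",
        r"\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\[^\\]+$",
        r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\[^\\]+$",
    )
]
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
# Processes that legitimately write into System32. ASSUMPTION: tune per environment.
SYSTEM32_WRITERS_ALLOWLIST = {
    r"c:\windows\servicing\trustedinstaller.exe",
    r"c:\windows\system32\msiexec.exe",
}


def analyze(events: List[Event]) -> List[Tuple[str, int]]:
    """Return (rule_name, event_index) for every event that fires a rule.

    Files written by non-allow-listed processes are remembered as "dropped",
    so a later ProcessCreate or ImageLoad of such a path can be tied back to
    the write. Allow-listed writers (servicing stack) are deliberately not
    tracked, otherwise every later load of a patched system DLL would fire.
    """
    dropped = set()  # lower-cased paths written during this trace
    hits: List[Tuple[str, int]] = []
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == "11":
            if ev["Image"].lower() in SYSTEM32_WRITERS_ALLOWLIST:
                continue
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.append(("drops_file_in_system32", i))
        elif eid == "13":
            if any(p.search(ev["TargetObject"]) for p in EXPLORER_AUTORUN_PATTERNS):
                hits.append(("adds_explorer_autorun_key", i))
        elif eid == "1":
            if ev["Image"].lower() in dropped:
                hits.append(("executes_dropped_exe", i))
        elif eid == "7":
            if ev["ImageLoaded"].lower() in dropped:
                hits.append(("loads_dropped_dll", i))
    return hits


# Constructed trace: a sample drops a DLL into System32 and a second EXE into
# the user profile, runs the EXE, which loads the DLL and registers a Run key.
# Benign events from TrustedInstaller, explorer.exe and chrome.exe are mixed in.
SAMPLE = r"C:\Users\ana\Desktop\8c9201d9b3e0acaf93d6f6708eea6a20N.exe"
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "11", "Image": SAMPLE, "TargetFilename": r"C:\Windows\System32\dropped.dll"},
    {"EventID": "11", "Image": SAMPLE, "TargetFilename": r"C:\Users\ana\AppData\Roaming\update.exe"},
    {"EventID": "1", "Image": r"C:\Users\ana\AppData\Roaming\update.exe", "ParentImage": SAMPLE},
    {"EventID": "7", "Image": r"C:\Users\ana\AppData\Roaming\update.exe",
     "ImageLoaded": r"C:\Windows\System32\dropped.dll"},
    {"EventID": "13", "Image": r"C:\Users\ana\AppData\Roaming\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "Details": r"C:\Users\ana\AppData\Roaming\update.exe"},
    {"EventID": "11", "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\kernel32.dll"},
    {"EventID": "13", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "7", "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for rule, idx in analyze(SAMPLE_EVENTS):
        print(f"{rule:28s} event[{idx}] {SAMPLE_EVENTS[idx]['Image']}")
```

    On the constructed trace the rules fire on events 0, 2, 3 and 4 only: the servicing-stack write to System32 and Chrome's load of the patched kernel32.dll stay silent because allow-listed writers never populate the dropped-file set. That correlation (write first, then execute or load) is what separates "executes dropped EXE" from a plain process-creation alert.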

MITRE ATT&CK Enterprise v15

Tasks