General

  • Target

    bec4915003992877b68c9f281e537220N.exe

  • Size

    163KB

  • Sample

    240802-v3pwnashmm

  • MD5

    bec4915003992877b68c9f281e537220

  • SHA1

    a2e9fa2ab34a76b81061329d4bbbe5181831fd69

  • SHA256

    86b3be3b1eb75d617daca000bd85e807b0adaba62da5a770082a0c74fc2ee5c2

  • SHA512

    6bbaf78661506b50cd8f67442a2a69ed87a17b9b9e10b92f0f8c2ffd4ab0b956092155b4efe63c9b7609b78ec106177202160100b315f058c92c78d2ff1678a8

  • SSDEEP

    1536:PBD/I+cqGlprebPkqRh9TJi/LlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:ZDXxMosM0LltOrWKDBr+yJb

Malware Config

Extracted

  • Family

    gozi

Targets

    • Target

      bec4915003992877b68c9f281e537220N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks