General

  • Target: 5701a07ba764eb430e0f97a5330e252f87bbd3d8950cca37515ccff335aa09f0
  • Size: 163KB
  • Sample: 240808-1frdvszfjj
  • MD5: ec3b94d5fb6e8b258898cc4d97378b68
  • SHA1: 6c48ecadfe1e0e1cac2a6707c2d990ccb6e4b243
  • SHA256: 5701a07ba764eb430e0f97a5330e252f87bbd3d8950cca37515ccff335aa09f0
  • SHA512: 712ace07affa2d6c7a73f97c493a3db046e5262e37de18115040f5f9e5ced2bad5940590823081d696d523e8504223df91e9d7b0b8606e508f599ce2550b7a38
  • SSDEEP: 1536:PHpVMg87Wmw6M82hfM3LQOplProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:cg0Y6M82KbQOpltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target: 5701a07ba764eb430e0f97a5330e252f87bbd3d8950cca37515ccff335aa09f0

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks