General

  • Target

    8b8bd4b9b044a8f0e3d0614d1b1f0f8dcdbe25a4db64fefb355cf87a4600e4b1

  • Size

    163KB

  • Sample

    240809-3tzcqsvhql

  • MD5

    c051ef5b0f7149e0b80fd1635d4e0913

  • SHA1

    2f0e9b8cf57ed3afe2b00842a5c7ed2978f26507

  • SHA256

    8b8bd4b9b044a8f0e3d0614d1b1f0f8dcdbe25a4db64fefb355cf87a4600e4b1

  • SHA512

    2f069de99a7f49b98e697c340572a9e154e8ba88ff48a1d4cda1ba8e5635513e8ede89eaf5873dc0d96538b77024ff3bb92ad7aa7c6201f41d8fe9a9782e671d

  • SSDEEP

    1536:P6xX7PYTVVCFDosGEUAmty6/NMcylProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:y98VDhudltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      8b8bd4b9b044a8f0e3d0614d1b1f0f8dcdbe25a4db64fefb355cf87a4600e4b1

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
