General

  • Target

    a32a21ff662b655c69683ab3456dff51597cac0f9f831d3403b1c8ec2fdc697c

  • Size

    163KB

  • Sample

    240809-a1m9tsxbne

  • MD5

    5e746b99f6fab89951554f6607e913b3

  • SHA1

    05c5883d30ce92d3979cd6fd2480c1aa873b5148

  • SHA256

    a32a21ff662b655c69683ab3456dff51597cac0f9f831d3403b1c8ec2fdc697c

  • SHA512

    56b9057de3588eeaad79dd8ff29a40e008cce19ecf6eb99c4b9fe1eb7899905fd21d9553bd6204e629361e486c0d1bc1108bd9d3e9d0119068e83dfd7ecb47f4

  • SSDEEP

    1536:PmgmYxFu01Ua1IQaVdvA8dGUhlOGnplProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4Yb5AfMGnpltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      a32a21ff662b655c69683ab3456dff51597cac0f9f831d3403b1c8ec2fdc697c

    • Size

      163KB

    • MD5

      5e746b99f6fab89951554f6607e913b3

    • SHA1

      05c5883d30ce92d3979cd6fd2480c1aa873b5148

    • SHA256

      a32a21ff662b655c69683ab3456dff51597cac0f9f831d3403b1c8ec2fdc697c

    • SHA512

      56b9057de3588eeaad79dd8ff29a40e008cce19ecf6eb99c4b9fe1eb7899905fd21d9553bd6204e629361e486c0d1bc1108bd9d3e9d0119068e83dfd7ecb47f4

    • SSDEEP

      1536:PmgmYxFu01Ua1IQaVdvA8dGUhlOGnplProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4Yb5AfMGnpltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks