General

  • Target

    600659ced57bae51ef7bbad91847c5587d5a1f353d2163b4e78ed7123a6b9a2f

  • Size

    163KB

  • Sample

    240810-11a8dazhmj

  • MD5

    9c7e228bbf2a677905936bc029012731

  • SHA1

    26d358b0aea5c59de6c3b094e48c8a94b62b0d4a

  • SHA256

    600659ced57bae51ef7bbad91847c5587d5a1f353d2163b4e78ed7123a6b9a2f

  • SHA512

    45c15b0a218b0779c974f92dc0603e2823c32f6a6b4cd21ebc2dfecd43044ca8b6379faa1fd601a5f527f3648168e6ee2976e0c70e6e3e92d4056a8871833478

  • SSDEEP

    1536:PAEwrttz89gT7eIuRJ8t94dlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4Ewo9gT7DmJ8vSltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      600659ced57bae51ef7bbad91847c5587d5a1f353d2163b4e78ed7123a6b9a2f

    • Size

      163KB

    • MD5

      9c7e228bbf2a677905936bc029012731

    • SHA1

      26d358b0aea5c59de6c3b094e48c8a94b62b0d4a

    • SHA256

      600659ced57bae51ef7bbad91847c5587d5a1f353d2163b4e78ed7123a6b9a2f

    • SHA512

      45c15b0a218b0779c974f92dc0603e2823c32f6a6b4cd21ebc2dfecd43044ca8b6379faa1fd601a5f527f3648168e6ee2976e0c70e6e3e92d4056a8871833478

    • SSDEEP

      1536:PAEwrttz89gT7eIuRJ8t94dlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:4Ewo9gT7DmJ8vSltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks