General

  • Target: 8783d9b719d516d701161dce976dc3056a8efb20dedaca5b2226f366ef3f7b31
  • Size: 245KB
  • Sample: 240811-3e1x1stgnq
  • MD5: ce1c33ee51c5e123688e259a2e3c6d34
  • SHA1: ca61bec5cdcd258f63f7382134ecf36da125f7bf
  • SHA256: 8783d9b719d516d701161dce976dc3056a8efb20dedaca5b2226f366ef3f7b31
  • SHA512: cd85a4ea38f24189d132ade369746e324bebafcc9407f58234819bb12120d70c75b830f9f2855c3b4ae67a2088b70ca14e5c0ce60309a5d401bfe5b4a4e2b624
  • SSDEEP: 1536:hbANnnB3fN/yfnQjOiFWldux/4cXeXvubKrFEwMEwKhbArEwKhQL4cXeXvubKr:h0NnDyfQ2uxwago+bAr+Qka

Malware Config

Extracted

  • Family: gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks