General

  • Target

    a2c3c1bd4ccc581f052e4be8a7d4ae60N.exe

  • Size

    163KB

  • Sample

    240812-114vpaxdqg

  • MD5

    a2c3c1bd4ccc581f052e4be8a7d4ae60

  • SHA1

    1c8a279b47886dd8aee08ee2d0d48972279e4f1b

  • SHA256

    08c83251e062bc6aa57081455e34a109c07e174308bd22ecc4a36034bab32fbf

  • SHA512

    f8f35d0721e2b8dd9a66f953283c5322fde0f462d1fbeb7147c080e1f893b97c1118964bc9ce1ec62af85d13bd9b5bc3269bd582b2265b47d8e705269d4c45d7

  • SSDEEP

    1536:PsJtLsmpgM3yf471uFZUisDh9+MTdlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:YLsN6yf4Au+MhltOrWKDBr+yJb
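To confirm that a file you are holding is the same sample this report describes, compare its hashes against the values listed above. The following helper is an added example, not part of the report or of any sandbox's code: it transcribes the report's MD5/SHA1/SHA256/SHA512 values into an IOC record, sanity-checks that record for transcription errors (wrong digest length, non-hex characters), hashes a file or byte string in a single streaming pass, and only returns a match when every comparable algorithm agrees. SSDEEP is omitted because it needs a third-party library; the four fixed-length digests are enough to establish identity.

```python
import hashlib

# Hash values transcribed from the report's General section above.
REPORT_IOC = {
    "md5": "a2c3c1bd4ccc581f052e4be8a7d4ae60",
    "sha1": "1c8a279b47886dd8aee08ee2d0d48972279e4f1b",
    "sha256": "08c83251e062bc6aa57081455e34a109c07e174308bd22ecc4a36034bab32fbf",
    "sha512": (
        "f8f35d0721e2b8dd9a66f953283c5322fde0f462d1fbeb7147c080e1f893b97c"
        "1118964bc9ce1ec62af85d13bd9b5bc3269bd582b2265b47d8e705269d4c45d7"
    ),
}

# Expected hex-digest length per algorithm (digest_size * 2).
DIGEST_HEX_LEN = {alg: hashlib.new(alg).digest_size * 2 for alg in REPORT_IOC}


def validate_ioc(ioc):
    """Return a list of problems with an IOC record. A wrong length or a
    non-hex character almost always means a copy/paste or transcription error."""
    problems = []
    for alg, value in ioc.items():
        if alg not in DIGEST_HEX_LEN:
            problems.append(f"{alg}: unsupported algorithm")
            continue
        if len(value) != DIGEST_HEX_LEN[alg]:
            problems.append(
                f"{alg}: expected {DIGEST_HEX_LEN[alg]} hex chars, got {len(value)}"
            )
        try:
            bytes.fromhex(value)
        except ValueError:
            problems.append(f"{alg}: non-hex characters")
    return problems


def hash_bytes(data):
    """Hash an in-memory blob with every algorithm the IOC record uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOC}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file on disk in one streaming pass (large samples stay cheap)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_IOC}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_ioc(observed, ioc=REPORT_IOC):
    """Compare every algorithm present in both records, case-insensitively.
    Returns {alg: bool}; an empty dict means nothing was comparable."""
    return {
        alg: observed[alg].lower() == expected.lower()
        for alg, expected in ioc.items()
        if alg in observed
    }


def is_report_sample(observed, ioc=REPORT_IOC):
    """True only if at least one hash was comparable and all of them agree.
    A mixed result (some match, some do not) is treated as a mismatch: it
    points to a transcription error, not to the same file."""
    verdict = match_ioc(observed, ioc)
    return bool(verdict) and all(verdict.values())


if __name__ == "__main__":
    import sys
    print(validate_ioc(REPORT_IOC) or "IOC record well-formed")
    for path in sys.argv[1:]:
        print(path, is_report_sample(hash_file(path)))
```

Run it as `python check_sample.py /path/to/file.exe`; the first line reports whether the transcribed record itself is well-formed, and each following line says whether that file is the report's sample. Keep all four digests rather than just MD5: MD5 and SHA1 are collision-prone, and the stronger digests are what you would pin in a blocklist or a YARA hash condition.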

Malware Config

Extracted

Family

gozi

Targets

    • Target

      a2c3c1bd4ccc581f052e4be8a7d4ae60N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
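The four behavioural signatures above are sandbox-side observations, but the same behaviours can be recognised in endpoint telemetry. The following is an added example (not the sandbox's own rule set, and not code from this report) that replays a short, constructed trace of Sysmon-style events and fires the report's signature names when the corresponding behaviour appears. The mapping from signature to event is my own reading of each name: EventID 11 (file create) under `C:\Windows\System32\` for the System32 drop, EventID 1 (process create) of a file the sample tree wrote for the dropped EXE, EventID 7 (image load) of such a file for the dropped DLL, and EventID 13 (registry value set) under the Run/RunOnce and Policies\Explorer\Run locations for the autorun key. That list of autorun locations is an assumption; the sandbox may cover more. The process tree is tracked by image path, a simplification of real telemetry, which would key on ProcessGuid.

```python
import re

# Signature names exactly as they appear in the report's Targets section.
SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_SYSTEM32 = "Drops file in System32 directory"

# Assumption: registry value locations Explorer acts on at logon. This is my
# interpretation of what the autorun signature covers, not the sandbox's rule.
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Policies\\Explorer\\)?Run(?:Once)?\\",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive; compare them in one case."""
    return path.lower()


def run_signatures(events, sample_image):
    """Replay Sysmon-style events in order and return the set of report
    signatures that fire. EventID numbering follows Sysmon: 1 process
    create, 7 image load, 11 file create, 13 registry value set."""
    tracked = {norm(sample_image)}  # sample's process tree, keyed by image path
    dropped = set()                 # files written by that tree
    fired = set()
    for ev in events:
        eid = ev["EventID"]
        actor = norm(ev["Image"])
        if eid == 1:
            # A new process joins the tree only if its parent is already in it.
            if norm(ev["ParentImage"]) in tracked:
                tracked.add(actor)
                if actor in dropped and actor.endswith(".exe"):
                    fired.add(SIG_EXEC_DROPPED)
            continue
        if actor not in tracked:
            continue  # activity outside the sample's tree is ignored
        if eid == 11:
            target = norm(ev["TargetFilename"])
            dropped.add(target)
            if SYSTEM32_RE.match(target):
                fired.add(SIG_SYSTEM32)
        elif eid == 7:
            loaded = norm(ev["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                fired.add(SIG_LOAD_DROPPED)
        elif eid == 13:
            if AUTORUN_KEY_RE.search(ev["TargetObject"]):
                fired.add(SIG_AUTORUN)
    return fired


# Constructed trace for illustration; file names and registry value are made up.
SAMPLE = r"C:\Users\victim\Desktop\a2c3c1bd4ccc581f052e4be8a7d4ae60N.exe"
TMP = r"C:\Users\victim\AppData\Local\Temp"
EVENTS = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": TMP + r"\payload.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": TMP + r"\helper.dll"},
    {"EventID": 1, "Image": TMP + r"\payload.exe", "ParentImage": SAMPLE},
    {"EventID": 7, "Image": TMP + r"\payload.exe", "ImageLoaded": TMP + r"\helper.dll"},
    {"EventID": 11, "Image": TMP + r"\payload.exe",
     "TargetFilename": r"C:\Windows\System32\sysupd.dat"},
    {"EventID": 13, "Image": TMP + r"\payload.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": TMP + r"\payload.exe"},
    # Benign noise from outside the sample's tree; must not fire anything.
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Windows\System32\unrelated.tmp"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": "C:\\Program Files\\OneDrive\\OneDrive.exe"},
]

if __name__ == "__main__":
    for sig in sorted(run_signatures(EVENTS, SAMPLE)):
        print(sig)
```

Scoping every check to the sample's process tree is what keeps the benign Explorer events at the end of the trace from firing: a Run value written by a legitimate installer and a file dropped into System32 by Windows Update look identical at the event level, so the signal comes from who did it, not just what was done. Note that the "dropped" relationship depends on seeing the file-create event before the process-create or image-load event, which is why the replay must preserve event order.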

MITRE ATT&CK Enterprise v15

Tasks