General

  • Target

    f2e7b9ef97061051acb7e9ad568062e0N.exe

  • Size

    163KB

  • Sample

    240812-27ae4a1bla

  • MD5

    f2e7b9ef97061051acb7e9ad568062e0

  • SHA1

    acc149ebd1cd432c7c6a91662b3ec794abdbff75

  • SHA256

    fbbf0569fe4e099cf34b74bcd8d9865867b27abafd52285549764a2269b4dcce

  • SHA512

    b1c88150d5e8704e24a4d4ea4b175ee09e06c5fe039a792baebe8f65c8e6f3f0f65cdac484ef45bfc7450694c789aec5be31ca0b53ed2be80652d720f6e81e97

  • SSDEEP

    1536:PaMk37SvYkzCKo/w1Zes4C5g8tuwlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:y37SAso/Y8DKg8tjltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      f2e7b9ef97061051acb7e9ad568062e0N.exe

    • Size

      163KB

    • MD5

      f2e7b9ef97061051acb7e9ad568062e0

    • SHA1

      acc149ebd1cd432c7c6a91662b3ec794abdbff75

    • SHA256

      fbbf0569fe4e099cf34b74bcd8d9865867b27abafd52285549764a2269b4dcce

    • SHA512

      b1c88150d5e8704e24a4d4ea4b175ee09e06c5fe039a792baebe8f65c8e6f3f0f65cdac484ef45bfc7450694c789aec5be31ca0b53ed2be80652d720f6e81e97

    • SSDEEP

      1536:PaMk37SvYkzCKo/w1Zes4C5g8tuwlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:y37SAso/Y8DKg8tjltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks