General

  • Target

    c1a20449a8485b008dbbfef49c928de00a1f4285ed8cabe0fb05a1b45030df32

  • Size

    163KB

  • Sample

    240812-ccx58szdqk

  • MD5

    f6b9c7da09278c55182ab0a3a35e40a5

  • SHA1

    55ef704b8f6b441552bd7ce746018bd4eaf62d17

  • SHA256

    c1a20449a8485b008dbbfef49c928de00a1f4285ed8cabe0fb05a1b45030df32

  • SHA512

    5f9931f3577bcb5d425c243e8c6eff592659674c4044d59e99b93023477db0fc9eed15d09bc3ec8068af96b124fc1f51375bce5af5789632b843510cc66ecf2c

  • SSDEEP

    1536:Pe1vvOmAWqoqBOoQOTNaSBlV1lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:yvvZA3oh7O5PV1ltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      c1a20449a8485b008dbbfef49c928de00a1f4285ed8cabe0fb05a1b45030df32

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi, also tracked as Ursnif and ISFB, is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
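The four behaviour signatures above (autorun key, dropped EXE executed, dropped DLL loaded, file dropped under System32) are the kind of thing a detection engineer wants to reproduce from endpoint telemetry rather than take on trust from the sandbox. The following is an added example, not part of this report or of any sandbox rule set: a small Python correlator over Sysmon-style events (11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 RegistryEvent). The event stream, file paths, process IDs and the list of autorun registry locations are constructed assumptions; the report does not say which key this sample actually wrote, so the pattern list covers several locations that Explorer.exe reads at logon.

```python
"""Correlate Sysmon-style events into the behaviour signatures of the report.

Added example.  All events, paths and PIDs below are constructed for
illustration; they are not taken from the sandbox run.
"""
import re

# Assumption: autorun locations processed by Explorer.exe at logon.  This is an
# illustrative subset, not the sandbox's own rule.
AUTORUN_KEY_PATTERNS = [
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Run\\",
    r"\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\(Load|Run)$",
]
AUTORUN_RE = re.compile("|".join(AUTORUN_KEY_PATTERNS), re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_DROP_SYSTEM32 = "Drops file in System32 directory"

# Constructed sample telemetry.  Event IDs follow Sysmon:
# 11 = FileCreate, 1 = ProcessCreate, 7 = ImageLoad, 13 = RegistryEvent (SetValue).
SAMPLE_EVENTS = [
    {"id": 11, "pid": 1001, "image": r"C:\Users\u\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\svc\loader.exe"},
    {"id": 11, "pid": 1001, "image": r"C:\Users\u\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\svc\client.dll"},
    {"id": 11, "pid": 1001, "image": r"C:\Users\u\sample.exe",
     "target": r"C:\Windows\System32\config\systemprofile\AppData\x.bin"},
    {"id": 1, "pid": 1002, "parent_pid": 1001,
     "image": r"C:\Users\u\AppData\Roaming\svc\loader.exe"},
    {"id": 7, "pid": 1002, "image": r"C:\Users\u\AppData\Roaming\svc\loader.exe",
     "loaded": r"C:\Users\u\AppData\Roaming\svc\client.dll"},
    {"id": 13, "pid": 1002, "image": r"C:\Users\u\AppData\Roaming\svc\loader.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svc",
     "details": r"C:\Users\u\AppData\Roaming\svc\loader.exe"},
    # Benign load of a system DLL: must not trigger "Loads dropped DLL".
    {"id": 7, "pid": 1002, "image": r"C:\Users\u\AppData\Roaming\svc\loader.exe",
     "loaded": r"C:\Windows\System32\kernel32.dll"},
]


def correlate(events):
    """Return the set of signature names triggered by a time-ordered event list.

    A file counts as "dropped" once any monitored process created it; a later
    ProcessCreate or ImageLoad of that same path then fires the corresponding
    signature.  Paths are compared case-insensitively, as NTFS does.
    """
    dropped = set()
    hits = set()
    for ev in events:
        if ev["id"] == 11:
            dropped.add(ev["target"].lower())
            if SYSTEM32_RE.match(ev["target"]):
                hits.add(SIG_DROP_SYSTEM32)
        elif ev["id"] == 1 and ev["image"].lower() in dropped:
            hits.add(SIG_EXEC_DROPPED)
        elif ev["id"] == 7 and ev["loaded"].lower() in dropped:
            hits.add(SIG_LOAD_DROPPED)
        elif ev["id"] == 13 and AUTORUN_RE.search(ev["target"]):
            hits.add(SIG_AUTORUN)
    return hits


if __name__ == "__main__":
    for sig in sorted(correlate(SAMPLE_EVENTS)):
        print(sig)
```

Run against the constructed stream it reports all four signatures; feed it only the events from the ProcessCreate onward (no FileCreate seen) and only the autorun signature survives, which is the point of tracking drops before execution rather than alerting on any execution from a user-writable path.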

MITRE ATT&CK Enterprise v15

Tasks