General

  • Target: 30d274b277254c0917a2bce193962c263ae534bfc3b909e3033262d50d1b9816

  • Size: 163KB

  • Sample: 240812-x8s7da1akf

  • MD5: a7f630edf160d8ff3b7eddf716fc9fcc

  • SHA1: 5ffc0d4180e0503620a86927c0f16130c6dfeefd

  • SHA256: 30d274b277254c0917a2bce193962c263ae534bfc3b909e3033262d50d1b9816

  • SHA512: b6d1ba772f4efab93138fa5d3df45c6365dc143ac920b1428331b67cae8dc11cfe88faba0263f981ad51032421cd56e765b402f0790c585943aa9e4c4cb50830

  • SSDEEP: 1536:PTn0M3BnVZ9K3gMxqHnbpmzQCzU1gbR0B8pt8lProNVU4qNVUrk/9QbfBr+7GwKn:rn0eZzBDgt0SP8ltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi: Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks