General

  • Target

    53209afd8f6a5fbd3609674f13fe9d9e7f5b5a5ab2b056e42f3257b25e9caea8

  • Size

    163KB

  • Sample

    240812-zhbwhstcnf

  • MD5

    bd69a1643b1e393bc65d5e9b10876730

  • SHA1

    59552ddca5390bfa111055d6ae71c7c3c3efb21e

  • SHA256

    53209afd8f6a5fbd3609674f13fe9d9e7f5b5a5ab2b056e42f3257b25e9caea8

  • SHA512

    023363e9479aa46fe37c130be7cbf605e79810c29098e9296eef187a1b1ed3415e76855436baee8d427b1910ad7b432a63194beb005936e13ea7fe84aa1725fc

  • SSDEEP

    1536:PzP/C4g3ApTNamI24Fs3VlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:rP/VHfOFCVltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks