General

  • Target

    d19632b31e78cdffa0e5c55a6428bbd0N.exe

  • Size

    163KB

  • Sample

    240813-gnhbdasdpk

  • MD5

    d19632b31e78cdffa0e5c55a6428bbd0

  • SHA1

    ef2ed32c4902e29fa80e878b54a741c706834f31

  • SHA256

    75f8b2987f737f6280103d15611ce8f0b461d53dee8386a302aa5501de9bfdeb

  • SHA512

    4ec1c09c670cf5d210e742ec992408a3fc473920aaad79da38ae6f5bec6a751af46c6f4794164b006acc5cffcc6853cd5e4907c303ca90cfa46183d17841564f

  • SSDEEP

    1536:PLeEmbmiQgxdEZN3+W9vFZHwV4uP1NsXVp+6h5ZNph9QaxF7/lProNVU4qNVUrke:jxiPxInhJW4NjzxF7ltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d19632b31e78cdffa0e5c55a6428bbd0N.exe

    • Size

      163KB

    • MD5

      d19632b31e78cdffa0e5c55a6428bbd0

    • SHA1

      ef2ed32c4902e29fa80e878b54a741c706834f31

    • SHA256

      75f8b2987f737f6280103d15611ce8f0b461d53dee8386a302aa5501de9bfdeb

    • SHA512

      4ec1c09c670cf5d210e742ec992408a3fc473920aaad79da38ae6f5bec6a751af46c6f4794164b006acc5cffcc6853cd5e4907c303ca90cfa46183d17841564f

    • SSDEEP

      1536:PLeEmbmiQgxdEZN3+W9vFZHwV4uP1NsXVp+6h5ZNph9QaxF7/lProNVU4qNVUrke:jxiPxInhJW4NjzxF7ltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks