General

  • Target

    cc50b8fa31bbcc8fbc9a596496369730N.exe

  • Size

    163KB

  • Sample

    240813-ra4ybssclj

  • MD5

    cc50b8fa31bbcc8fbc9a596496369730

  • SHA1

    32aa4f32ca579002af129d7452e4b60396d9c15a

  • SHA256

    e4ae1cc0f08061ee0cafecdfa20d3ca90fef45ec312b8fdebddd718d7fb0a61c

  • SHA512

    cd84c2c267c042da3572c2abcaec1df45df2840df38abc73b22a637258b976d66d8fb280e277ee537ab21ced72361574e48032ff02bcccc0505b0aba46d39285

  • SSDEEP

    1536:PXB9nkq2lScLXrtV/HJ8ujc5lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:ZjAScLXp1JdWltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      cc50b8fa31bbcc8fbc9a596496369730N.exe

    • Size

      163KB

    • MD5

      cc50b8fa31bbcc8fbc9a596496369730

    • SHA1

      32aa4f32ca579002af129d7452e4b60396d9c15a

    • SHA256

      e4ae1cc0f08061ee0cafecdfa20d3ca90fef45ec312b8fdebddd718d7fb0a61c

    • SHA512

      cd84c2c267c042da3572c2abcaec1df45df2840df38abc73b22a637258b976d66d8fb280e277ee537ab21ced72361574e48032ff02bcccc0505b0aba46d39285

    • SSDEEP

      1536:PXB9nkq2lScLXrtV/HJ8ujc5lProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:ZjAScLXp1JdWltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15