General

  • Target

    f10f4331eb079e5f925c767fc0a1d010N.exe

  • Size

    163KB

  • Sample

    240813-t24srathrc

  • MD5

    f10f4331eb079e5f925c767fc0a1d010

  • SHA1

    884200b8136f9feabd063d4d7fb9bd71f97e154d

  • SHA256

    c94f063c852d1faf91389700e6207b11c965feaf7409cd13a1b53353320e0df6

  • SHA512

    5831f53c70d53e4a5a208a12a5c90dbaf521cd05b4c6bc2c5ae5710d3b650ce41f2c5ac0b29ff5b6ef53614cb327769e4eea6c85aa5c135ba2a3f0003a0ea9f2

  • SSDEEP

    1536:Pglv/rXQne2IdbE0de36+t5UniBBRTlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:+GIgJPBRTltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      f10f4331eb079e5f925c767fc0a1d010N.exe


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks