General

  • Target

    d3bb519fa12f374550645c164398ed30N.exe

  • Size

    245KB

  • Sample

    240814-blqbbaycjq

  • MD5

    d3bb519fa12f374550645c164398ed30

  • SHA1

    380e7f06ed0880e2fb6b029bd91f858ef1b6c2ac

  • SHA256

    4c0425db993fa59a75699e305d82cdabb7453049db47aa9d44710253a691d4ac

  • SHA512

    0a10cd64b68d8c88a04414495e30db143120421c54afd51784e2cb37d44e0b21c37c5912b08f0c4df71a47db2fb44c9479dfe61fad3e4372d59507d34a0b6730

  • SSDEEP

    1536:iL+CJaMXJZm3BL2PrudVP9jsgGGa/4cXeXvubKrFEwMEwKhbArEwKhQL4cXeXvuy:iLLJfZm3BL2PrKrjhGXwago+bAr+Qka
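
The four cryptographic digests above are the indicators a responder would use to confirm whether a file found on a host is this exact sample. The following helper is an added example, not part of the sandbox report: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 in a single read and compares the results with the report's values. The SSDEEP value is left out on purpose because fuzzy hashing needs a non-standard library; `digest_file` and `verdict` are names chosen here, and the `abc` test input is constructed.

```python
import hashlib
import sys

# Indicators copied from the report above (hex digests as published).
REPORT_IOCS = {
    "md5": "d3bb519fa12f374550645c164398ed30",
    "sha1": "380e7f06ed0880e2fb6b029bd91f858ef1b6c2ac",
    "sha256": "4c0425db993fa59a75699e305d82cdabb7453049db47aa9d44710253a691d4ac",
    "sha512": "0a10cd64b68d8c88a04414495e30db143120421c54afd51784e2cb37d44e0b21c37c5912b08f0c4df71a47db2fb44c9479dfe61fad3e4372d59507d34a0b6730",
}


def digest_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects in one pass (one read, four digests)."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value.

    Comparison is case-insensitive because feeds publish hex in either case.
    """
    return {name for name, value in REPORT_IOCS.items()
            if digests.get(name, "").lower() == value}


def verdict(digests: dict) -> str:
    """Classify a digest set against the report.

    All four agreeing means this is the analysed file. A partial hit means a
    transcription error in one feed or a deliberate collision (MD5 and SHA-1 are
    both collision-broken), so never act on an MD5- or SHA-1-only match alone.
    """
    matched = match_report(digests)
    if not matched:
        return "no match"
    if matched == set(REPORT_IOCS):
        return "exact sample"
    return "partial match: " + ", ".join(sorted(matched))


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, verdict(digest_file(path)))
```

Run it as `python3 ioc_hash.py suspect.exe`; a "partial match" on only the weak algorithms is a prompt to pull the SHA-256 from a second source before treating the file as this sample.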

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d3bb519fa12f374550645c164398ed30N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running, widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
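
The first signature above describes persistence through a registry autostart value, and the last two describe the dropped payload it points at. The following detection is an added example, not part of the sandbox report or its signature engine: it runs over constructed Sysmon Event ID 13 (registry value set) records and flags autorun writes whose writer or whose target lives in a user-writable directory. Reading the signature as a write under the `Explorer\Run` key is an assumption; the plain `Run`/`RunOnce` keys are included as the usual companions. All event records, paths and the `api-ms` value name are made up for the demo (only the image file name reuses the sample's name).

```python
import re

# Autostart value locations under HKCU/HKLM/HKU that Explorer.exe or Winlogon honour.
# Mapping the report's signature to the "Explorer\Run" key is an assumption; the
# plain Run/RunOnce keys are included because they are the usual companions.
AUTORUN_VALUE_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Explorer\\Run|Policies\\Explorer\\Run|Run|RunOnce|RunOnceEx)\\[^\\]+$",
    re.IGNORECASE,
)

# Path fragments a non-admin user can write to; an autorun whose writer or whose
# target lives here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed Sysmon Event ID 13 (RegistryEvent: value set) records for the demo.
# They are not taken from the report; only the image name reuses the sample's name.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\user\AppData\Local\Temp\d3bb519fa12f374550645c164398ed30N.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Run\api-ms",
     "Details": r"C:\Users\user\AppData\Roaming\Microsoft\api-ms.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\updater.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorUpdater",
     "Details": r"C:\Program Files\Vendor\updater.exe /tray"},
    {"EventID": 13,
     "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\svc",
     "Details": r"C:\Users\Public\svc.exe"},
]


def is_autorun_write(event: dict) -> bool:
    """True for a value-set event whose target is one of the autostart keys above."""
    return event.get("EventID") == 13 and bool(
        AUTORUN_VALUE_RE.search(event.get("TargetObject", "")))


def suspicious_autorun_writes(events) -> list:
    """Return (TargetObject, reasons) for autorun writes that touch user-writable paths.

    Vendor software writing its own Run value from Program Files produces no
    reasons and is dropped; that is the noise filter, not an allow-list of names.
    """
    hits = []
    for ev in events:
        if not is_autorun_write(ev):
            continue
        image = ev.get("Image", "").lower()
        details = ev.get("Details", "").lower()
        reasons = []
        if any(frag in image for frag in USER_WRITABLE):
            reasons.append("writer runs from user-writable path")
        if any(frag in details for frag in USER_WRITABLE):
            reasons.append("autorun target in user-writable path")
        if reasons:
            hits.append((ev["TargetObject"], reasons))
    return hits


if __name__ == "__main__":
    for target, reasons in suspicious_autorun_writes(SAMPLE_EVENTS):
        print(target, "->", "; ".join(reasons))
```

On the constructed input the vendor updater's own Run value is ignored, while the temp-directory writer and the RunOnce entry pointing at Users\Public are both reported; in a real pipeline the same two checks would be fed from Sysmon or EDR registry telemetry rather than an inline list.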

MITRE ATT&CK Enterprise v15

Tasks