General

  • Target

    d130dc51a4662a2976e2f7a23ccbdeb0N.exe

  • Size

    163KB

  • Sample

    240814-lvcfxszhkl

  • MD5

    d130dc51a4662a2976e2f7a23ccbdeb0

  • SHA1

    64b03756c1bfcaa7a32e62a0e74db6d2070e16a4

  • SHA256

    846b5d15acd9a7e7c6f6d73780beda3f85e498b6b6db991024872ef6acaf28fd

  • SHA512

    652760525c73449732f75d7f7045dfbdf5b3cbd0f11aca6a5a5a9947df8078bb294abf9c9bdf9cc9cc48430f6460fb359fe02c889fc57cacc16f90115fd480a2

  • SSDEEP

    1536:P5mT+zAiJdBIo+KMy/avziSGfQ+zzzzC6EKlProNVU4qNVUrk/9QbfBr+7GwKrPb:wwAb5NtitQt6EKltOrWKDBr+yJb

Malware Config

Extracted

Family

gozi

Targets

    • Target

      d130dc51a4662a2976e2f7a23ccbdeb0N.exe

    • Size

      163KB

    • MD5

      d130dc51a4662a2976e2f7a23ccbdeb0

    • SHA1

      64b03756c1bfcaa7a32e62a0e74db6d2070e16a4

    • SHA256

      846b5d15acd9a7e7c6f6d73780beda3f85e498b6b6db991024872ef6acaf28fd

    • SHA512

      652760525c73449732f75d7f7045dfbdf5b3cbd0f11aca6a5a5a9947df8078bb294abf9c9bdf9cc9cc48430f6460fb359fe02c889fc57cacc16f90115fd480a2

    • SSDEEP

      1536:P5mT+zAiJdBIo+KMy/avziSGfQ+zzzzC6EKlProNVU4qNVUrk/9QbfBr+7GwKrPb:wwAb5NtitQt6EKltOrWKDBr+yJb

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks