gozi | 45f9edf723b3fa3015009a10719965385fb56d88ab9a35cc16485b0c2d96d04b | Triage

Sharing

General

Target

TrapBat.exe
Size

11.3MB
Sample

240910-ryjmasxhkj
MD5

31268079a650fc9d9e85f61c03704d72
SHA1

adb23f7f72a3892a36777b131e1c396522f07849
SHA256

45f9edf723b3fa3015009a10719965385fb56d88ab9a35cc16485b0c2d96d04b
SHA512

beb868c4c6a0bede9d25ac20575fc3cef7c6ab94bbd0f61e3951b3389d41d729a651d32d7eb2279ae52a10985c7cca30059662f6a0502c8469435a9cde221c36
SSDEEP

196608:x9+tI823/AMed4Vju5bVN2B1r73OPcrOQmoH/hgE1sgxP9ab+dXDYmdN1+1LufGV:7+m823/AMG4VjucXCZoH/q+jg+dXsmHG

Score

10^/10

gozi discovery execution isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  TrapBat.exe
- Size
  
  11.3MB
- MD5
  
  31268079a650fc9d9e85f61c03704d72
- SHA1
  
  adb23f7f72a3892a36777b131e1c396522f07849
- SHA256
  
  45f9edf723b3fa3015009a10719965385fb56d88ab9a35cc16485b0c2d96d04b
- SHA512
  
  beb868c4c6a0bede9d25ac20575fc3cef7c6ab94bbd0f61e3951b3389d41d729a651d32d7eb2279ae52a10985c7cca30059662f6a0502c8469435a9cde221c36
- SSDEEP
  
  196608:x9+tI823/AMed4Vju5bVN2B1r73OPcrOQmoH/hgE1sgxP9ab+dXDYmdN1+1LufGV:7+m823/AMG4VjucXCZoH/q+jg+dXsmHG
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecution