gozi | 422ba6dae6752430a2e52e1efb327f277e912ce551f9f1408ee6ab13ebf3717a | Triage

Sharing

General

Target

dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118
Size

80KB
Sample

240912-hhzh5swfld
MD5

dc01df3c40cb4fb0bef448693475ea1b
SHA1

a81ba37cce6201f5ad4d256c1eac55976cbdb5ac
SHA256

422ba6dae6752430a2e52e1efb327f277e912ce551f9f1408ee6ab13ebf3717a
SHA512

9160928492dd4ec28bb00fd00657cd05d104f4e4938dbf25f2acc65a5a0b0280a67a503e58713191a8b95709bdd2fd47439f61529733c7242792c59141359e29
SSDEEP

768:DAbj35jVq5PIZtsUD0oc75LXf+Dmu0+zaEMv38S/A6yM+tX/1M5F0knS3qXxDTgP:Eju5gQqhYf8m2aImH1m0uAB24CjFlKE

Score

10^/10

gozi defense_evasion discovery isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  dc01df3c40cb4fb0bef448693475ea1b_JaffaCakes118
- Size
  
  80KB
- MD5
  
  dc01df3c40cb4fb0bef448693475ea1b
- SHA1
  
  a81ba37cce6201f5ad4d256c1eac55976cbdb5ac
- SHA256
  
  422ba6dae6752430a2e52e1efb327f277e912ce551f9f1408ee6ab13ebf3717a
- SHA512
  
  9160928492dd4ec28bb00fd00657cd05d104f4e4938dbf25f2acc65a5a0b0280a67a503e58713191a8b95709bdd2fd47439f61529733c7242792c59141359e29
- SSDEEP
  
  768:DAbj35jVq5PIZtsUD0oc75LXf+Dmu0+zaEMv38S/A6yM+tX/1M5F0knS3qXxDTgP:Eju5gQqhYf8m2aImH1m0uAB24CjFlKE
Score

7^/10

defense_evasion discovery
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery