gozi | 219423a32336987838bea44a471fe02700e2e74ba4c98ebb41512b7bc15e0c32 | Triage

Sharing

General

Target

def612ad0554006378f185d3b56efb57_JaffaCakes118
Size

148KB
Sample

240913-1n182a1fmc
MD5

def612ad0554006378f185d3b56efb57
SHA1

b27ea28e772fbc6b7f80b75b2ba6d32b39d6f256
SHA256

219423a32336987838bea44a471fe02700e2e74ba4c98ebb41512b7bc15e0c32
SHA512

5ebc664726aad811d6f91de8c7d355b312799e39e69af5218de0eda7d6696c5f1c025737c87c7bda0b22883425fd808770592c9bd7a3f39e759c5dbc46f14f9e
SSDEEP

1536:OjLzLxke+a6vLZqyMe6Gfo84U0taH3DfBTF7kK3RmkdumKlT4j0wEwVAcEDKgf:oxka6gGfoucaH3VBmkduXl8+wVAcw/

Score

10^/10

gozi discovery isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  def612ad0554006378f185d3b56efb57_JaffaCakes118
- Size
  
  148KB
- MD5
  
  def612ad0554006378f185d3b56efb57
- SHA1
  
  b27ea28e772fbc6b7f80b75b2ba6d32b39d6f256
- SHA256
  
  219423a32336987838bea44a471fe02700e2e74ba4c98ebb41512b7bc15e0c32
- SHA512
  
  5ebc664726aad811d6f91de8c7d355b312799e39e69af5218de0eda7d6696c5f1c025737c87c7bda0b22883425fd808770592c9bd7a3f39e759c5dbc46f14f9e
- SSDEEP
  
  1536:OjLzLxke+a6vLZqyMe6Gfo84U0taH3DfBTF7kK3RmkdumKlT4j0wEwVAcEDKgf:oxka6gGfoucaH3VBmkduXl8+wVAcw/
Score

7^/10

discovery
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2