gozi

General

Target

e67b74b95ee0ce9510a30f6d01233349_JaffaCakes118
Size

784KB
Sample

240917-k3eetavdlc
MD5

e67b74b95ee0ce9510a30f6d01233349
SHA1

1cb945889897e7433b32c1b27c769c517360aec9
SHA256

0b450dd32625f196afbfc5bdaccc5c6c41e15543d7a1fbf87d034eec33ce9ed7
SHA512

6041c09406a5ca63efdeab2599e45e9899f1b18833741293050e50cfc2fd541d8a32c487ef25b4c9e4e51b4dcf0794fe8093c85e4bc5d82c0e00de7e41d6bf4f
SSDEEP

12288:zenLtsWghSCb6Go7VbkU92TofIUwkpOYr5amm8sdHUrmutq3I/9EXlSC20NZvI:zFhnVoVbk4DIUjpbt61d0rbECWo

Score

10^/10

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  e67b74b95ee0ce9510a30f6d01233349_JaffaCakes118
- Size
  
  784KB
- MD5
  
  e67b74b95ee0ce9510a30f6d01233349
- SHA1
  
  1cb945889897e7433b32c1b27c769c517360aec9
- SHA256
  
  0b450dd32625f196afbfc5bdaccc5c6c41e15543d7a1fbf87d034eec33ce9ed7
- SHA512
  
  6041c09406a5ca63efdeab2599e45e9899f1b18833741293050e50cfc2fd541d8a32c487ef25b4c9e4e51b4dcf0794fe8093c85e4bc5d82c0e00de7e41d6bf4f
- SSDEEP
  
  12288:zenLtsWghSCb6Go7VbkU92TofIUwkpOYr5amm8sdHUrmutq3I/9EXlSC20NZvI:zFhnVoVbk4DIUjpbt61d0rbECWo
Score

10^/10

gozi xmrig banker discovery isfb miner trojan upx
- Gozi
  Gozi is a well-known and widely distributed banking trojan.
  banker trojan gozi
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

xmrig

XMRig Miner payload

Deletes itself

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2