gozi | b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b | Triage

Sharing

General

Target

fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118
Size

224KB
Sample

240927-y3y14sxerk
MD5

fad8f37c9bd5420f49cfd5960a60fa24
SHA1

6c97f91f77e44fd7ada5d09e2bed16744a3efcc3
SHA256

b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b
SHA512

e93ead6e855994c1024dba6a259b1630d6d247f639887877b8d47ddf4c7f42809fe903d4f185956f9f8b12b18bcd27d38b1c0c0ca87a4c7fc5d0056b226121a2
SSDEEP

3072:t78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:t78yHp9rQ85RZr0ku+cD/cZ

Score

10^/10

gozi defense_evasion discovery isfb

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  fad8f37c9bd5420f49cfd5960a60fa24_JaffaCakes118
- Size
  
  224KB
- MD5
  
  fad8f37c9bd5420f49cfd5960a60fa24
- SHA1
  
  6c97f91f77e44fd7ada5d09e2bed16744a3efcc3
- SHA256
  
  b41747714910cee5eb306f61dfa61dd5c3c72450a60fc36280b8d7fd0643b54b
- SHA512
  
  e93ead6e855994c1024dba6a259b1630d6d247f639887877b8d47ddf4c7f42809fe903d4f185956f9f8b12b18bcd27d38b1c0c0ca87a4c7fc5d0056b226121a2
- SSDEEP
  
  3072:t78yHpYetDrHNsbqrf29rGHWwsMr7w2nu+PpAgxs9D/sv9Z:t78yHp9rQ85RZr0ku+cD/cZ
Score

7^/10

defense_evasion discovery
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery