General

  • Target

    16741407e3bcfe0af5086d9a1b10d861_JaffaCakes118

  • Size

    411KB

  • Sample

    241005-gsbpdszann

  • MD5

    16741407e3bcfe0af5086d9a1b10d861

  • SHA1

    4fd4ae2532ca0a25a438964cb12cf607a0c41a30

  • SHA256

    0af028f93b1dcb1caa4a4c5aa41e74e5ec71c52c939a93f21f3db68add043fcb

  • SHA512

    1ad04238a14fd59d6219c493e99746c2079592393ffb197f33e3eef236b671742855b9f65e7c09c6a0df75e1108af8ab110575479b8e879febd7a9440e0d2d2f

  • SSDEEP

    12288:N+sBu0rFbkrL+4kERKXvfhx02v2SwWEOGbaugjQUc:NTYSVGS4D+9X6v

Malware Config

Extracted

Family

gozi

Targets

    • Target

      16741407e3bcfe0af5086d9a1b10d861_JaffaCakes118

    • Size

      411KB

    • MD5

      16741407e3bcfe0af5086d9a1b10d861

    • SHA1

      4fd4ae2532ca0a25a438964cb12cf607a0c41a30

    • SHA256

      0af028f93b1dcb1caa4a4c5aa41e74e5ec71c52c939a93f21f3db68add043fcb

    • SHA512

      1ad04238a14fd59d6219c493e99746c2079592393ffb197f33e3eef236b671742855b9f65e7c09c6a0df75e1108af8ab110575479b8e879febd7a9440e0d2d2f

    • SSDEEP

      12288:N+sBu0rFbkrL+4kERKXvfhx02v2SwWEOGbaugjQUc:NTYSVGS4D+9X6v

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The family verdict here comes from the extracted configuration above, not only from the behavioural signatures below.

    • Loads dropped DLL

      A DLL that the sample wrote to disk during the run was subsequently loaded into a process; the dropped files listed below are the candidates.

    • Suspicious use of SetThreadContext

      Overwriting the execution context of a thread in another process is the usual final step of process hollowing and a common loader behaviour; on its own it is an indicator, not proof of injection, so correlate it with the preceding process creation and memory writes.

    • Target

      $PLUGINSDIR/System.dll

      $PLUGINSDIR is the plugin directory that an NSIS installer unpacks at run time, and System.dll is the name of the stock NSIS System plugin; the low score below is consistent with installer scaffolding rather than payload, but the hashes should still be compared against a known-good NSIS release before it is discounted.

    • Size

      11KB

    • MD5

      3e6bf00b3ac976122f982ae2aadb1c51

    • SHA1

      caab188f7fdc84d3fdcb2922edeeb5ed576bd31d

    • SHA256

      4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe

    • SHA512

      1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706

    • SSDEEP

      192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb

    Score
    3/10

    • Target

      ulex.dll

    • Size

      224KB

    • MD5

      640a9f1588d0bff5ce50626760d1498d

    • SHA1

      3845b23b73391bb9040c6139d257b9fd861999a5

    • SHA256

      8783caabdcfacdfaaf43cf5924395006ad14e4c8852a3addf624bdced568c697

    • SHA512

      be48053ca3a542e01831aa4ed65d248082debbb34cae0fb58f49f562cf429fa25c44b7a5de82f004bb2ee856887c5f6d6d91283fea4179d3055db3b7cde17d74

    • SSDEEP

      6144:IGi4lwoJj1larKPN1mi895a+3Ydcnh9suY:04jj1wa1mi8iqnh9

    Score
    3/10
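The two behavioural signatures on the main sample ("Loads dropped DLL" and "Suspicious use of SetThreadContext") are the kind of rule a sandbox evaluates over its API-call trace. The following is an added example, not the sandbox's own signature code and not from this report: a small Python detector that replays a constructed, tab-separated trace (pid, API, key=value args) and raises both findings. The log format, the handle values (assumed already resolved to pids/tids), the temp path and the file name ulex.dll are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed trace in an assumed format: <pid>\t<api>\t<key=value ...>.
# Handles are assumed to be pre-resolved to pids/tids, as many sandboxes do.
SAMPLE_LOG = (
    "1234\tCreateProcessW\tlpApplicationName=C:\\Windows\\explorer.exe dwCreationFlags=0x4 dwProcessId=5678 dwThreadId=5680\n"
    "1234\tNtUnmapViewOfSection\tProcessHandle=5678 BaseAddress=0x400000\n"
    "1234\tVirtualAllocEx\thProcess=5678 lpAddress=0x400000 dwSize=0x38000 flProtect=0x40\n"
    "1234\tWriteProcessMemory\thProcess=5678 lpBaseAddress=0x400000 nSize=0x38000\n"
    "1234\tSetThreadContext\thThread=5680 Eip=0x401000\n"
    "1234\tResumeThread\thThread=5680\n"
    "1234\tNtCreateFile\tFileName=C:\\Users\\user\\AppData\\Local\\Temp\\nsa1B2C.tmp\\ulex.dll Access=GENERIC_WRITE\n"
    "1234\tNtWriteFile\tFileName=C:\\Users\\user\\AppData\\Local\\Temp\\nsa1B2C.tmp\\ulex.dll Length=229376\n"
    "1234\tLoadLibraryW\tlpLibFileName=C:\\Users\\user\\AppData\\Local\\Temp\\nsa1B2C.tmp\\ulex.dll\n"
    "1234\tLoadLibraryW\tlpLibFileName=C:\\Windows\\System32\\kernel32.dll\n"
)

ARG_RE = re.compile(r"(\w+)=(\S+)")
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit used by hollowing loaders


def parse_log(text):
    """Turn the trace into (pid, api, {arg: value}) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, args = line.split("\t", 2)
        events.append((int(pid), api, dict(ARG_RE.findall(args))))
    return events


def detect(events):
    """Return [(signature, detail)] for the two report signatures."""
    findings = []
    # child pid -> {"tid": main thread id, "stages": steps seen so far}
    suspended = {}
    # pid -> lowercase paths that pid wrote to disk during the run
    written = defaultdict(set)

    for pid, api, a in events:
        if api == "CreateProcessW" and int(a.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
            suspended[a["dwProcessId"]] = {"tid": a["dwThreadId"], "stages": []}
        elif api == "WriteProcessMemory" and a.get("hProcess") in suspended:
            suspended[a["hProcess"]]["stages"].append("write")
        elif api == "SetThreadContext":
            # Only count it when memory was already written into that child.
            for st in suspended.values():
                if st["tid"] == a.get("hThread") and "write" in st["stages"]:
                    st["stages"].append("context")
        elif api == "ResumeThread":
            # Suspended create -> write -> new context -> resume: hollowing.
            for child, st in suspended.items():
                if st["tid"] == a.get("hThread") and "context" in st["stages"]:
                    findings.append(("Suspicious use of SetThreadContext",
                                     f"pid {pid} hollowed pid {child}"))
        elif api == "NtWriteFile" and "FileName" in a:
            written[pid].add(a["FileName"].lower())
        elif api in ("LoadLibraryA", "LoadLibraryW", "LoadLibraryExW"):
            path = a.get("lpLibFileName", "").lower()
            if path in written[pid]:
                findings.append(("Loads dropped DLL", f"pid {pid} loaded {path}"))
    return findings


if __name__ == "__main__":
    for sig, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{sig}: {detail}")
```

The hollowing rule deliberately requires the full sequence before it fires; a bare SetThreadContext call also appears in debuggers and legitimate runtime code, which is why the report labels the signature "suspicious" rather than conclusive. The dropped-DLL rule ties the LoadLibrary path back to a file the same process wrote, so loading a system DLL such as kernel32.dll does not trigger it.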

MITRE ATT&CK Enterprise v15

Tasks