General

  • Target

    3c1235ca242b24627c32f1d64e6cfc55_JaffaCakes118

  • Size

    5.8MB

  • Sample

    241012-z4gc5awcmj

  • MD5

    3c1235ca242b24627c32f1d64e6cfc55

  • SHA1

    0b22c2e30103fbc59f9b7d8e6324ab7407e45071

  • SHA256

    a75d3f02edb6764c31c033339c94322d5c8af0dd0473d4682abf99cc832dd715

  • SHA512

    3a5653cc134092c3c991ff3e1890aa549fc0a8bf1d0a8a191db82aa9e7aac209a9df6b69694b83eacbe0feb547865c364d37f1d6fe4360a022630d9acdc5df59

  • SSDEEP

    98304:bSx1V8gzYDHQ0/1O8eQe0yvUwgg3gnl/IVUs1jePsULAEVr6slCeZ8isagg3gnli:beMH11OuJUgl/iBiPqEVWhegOgl/iBiP

Malware Config

Extracted

Family

gozi

Targets

    • Target

      3c1235ca242b24627c32f1d64e6cfc55_JaffaCakes118

    • Size

      5.8MB

    • MD5

      3c1235ca242b24627c32f1d64e6cfc55

    • SHA1

      0b22c2e30103fbc59f9b7d8e6324ab7407e45071

    • SHA256

      a75d3f02edb6764c31c033339c94322d5c8af0dd0473d4682abf99cc832dd715

    • SHA512

      3a5653cc134092c3c991ff3e1890aa549fc0a8bf1d0a8a191db82aa9e7aac209a9df6b69694b83eacbe0feb547865c364d37f1d6fe4360a022630d9acdc5df59

    • SSDEEP

      98304:bSx1V8gzYDHQ0/1O8eQe0yvUwgg3gnl/IVUs1jePsULAEVr6slCeZ8isagg3gnli:beMH11OuJUgl/iBiPqEVWhegOgl/iBiP

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build. A modified build commonly renames the UPX0/UPX1 sections and patches the header so that stock `upx -d` refuses to unpack it, so the rule firing means the outer layer is UPX-derived, not that a one-command unpack will succeed.
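A practical triage check, added here as an example and not part of the sandbox report or its detection rules: verify a downloaded copy of the sample against the digests listed above, then apply the two classic UPX indicators (section names UPX0/UPX1/UPX2 and the `UPX!` packer marker) with a minimal PE section-table parser so nothing beyond the standard library is needed. The `build_demo_pe` helper constructs a synthetic PE skeleton purely for offline testing; the sample path taken from the command line is hypothetical, and the heuristic is a simplified stand-in for the report's own rule, not that rule itself.

```python
import hashlib
import struct
import sys

# Digests published in the report above for this sample.
REPORT_HASHES = {
    "md5": "3c1235ca242b24627c32f1d64e6cfc55",
    "sha1": "0b22c2e30103fbc59f9b7d8e6324ab7407e45071",
    "sha256": "a75d3f02edb6764c31c033339c94322d5c8af0dd0473d4682abf99cc832dd715",
}

# Section names stock UPX leaves in a packed PE. A modified UPX build may
# rename them, so their absence does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"  # magic in the UPX packer header ("UPX!" + version info)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 hex digests, the same set the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict) -> bool:
    """True only if every expected digest matches (case-insensitive hex)."""
    actual = file_hashes(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns the raw 8-byte section names (NUL-stripped), or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # IMAGE_SECTION_HEADER[] start
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # each section header is 40 bytes
        if off + 40 > len(data):
            break                                         # truncated/malformed: stop, don't crash
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    names = pe_section_names(data)
    return {
        "upx_sections": sorted(n.decode("latin-1") for n in names if n in UPX_SECTION_NAMES),
        "upx_marker": UPX_MARKER in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_demo_pe(section_names, extra: bytes = b"") -> bytes:
    """Constructed test fixture: a header-only PE32 skeleton, no code or data."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + extra


if __name__ == "__main__":
    # Hypothetical usage: python upx_check.py <path-to-sample>
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_demo_pe([b"UPX0", b"UPX1", b".rsrc"], UPX_MARKER)
    print("hashes match report:", verify_sample(blob, REPORT_HASHES))
    print("sections:", pe_section_names(blob))
    print("upx indicators:", upx_indicators(blob))
```

Run without arguments the script exercises the synthetic PE; with a path it hashes the real file and compares against the report's MD5/SHA-1/SHA-256 before looking for UPX traces, so a mismatched download is caught before any unpacking is attempted.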

MITRE ATT&CK Enterprise v15

Tasks