General

  • Target: 4a028843eee77a35090c988ead7855f6_JaffaCakes118
  • Size: 5.8MB
  • Sample: 241015-zyra5sxbqb
  • MD5: 4a028843eee77a35090c988ead7855f6
  • SHA1: a1c10bb2d868514c195764c0f1f3b87177d50f01
  • SHA256: f2f0b3d8f531e90edc235633aa153159fd1595a4b9fb90a0109047a0a2f9ac4c
  • SHA512: c5108e22163e6563e445299d9be680bbc2c6f4bd8a46bdb20093dcbbece08ffcb218f64d757167af1f881ca674740117c4ea7bbfda3e4966bd34832f2e5fe3a8
  • SSDEEP: 98304:lW2P8JmOuDUf4fZnoDGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+L:vP8YOuDUf4fiGhRaaCkN9qHGhRa

Malware Config

Extracted

  • Family: gozi

Targets


    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks