Overview

overview

10

Static

static

5

a895191b0f...18.exe

windows7-x64

7

a895191b0f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a895191b0fb0cc41271092c8623db4ed_JaffaCakes118

  • Size

    2.9MB

  • Sample

    241127-s9nk3awmcj

  • MD5

    a895191b0fb0cc41271092c8623db4ed

  • SHA1

    7582c2e6c599778af99852500bf90bb42477c848

  • SHA256

    7e4d864579510c03f56c3630333fc5df2c2c6f8c7e4ff7632fe91b59fbb22763

  • SHA512

    8915c3db6eb07db7fd51531e978b8522f7502689174999e57449b13817afed328b56725dcd3b35765abe584559e8fc7415609f911d1fd4a437628737f74e9690

  • SSDEEP

    49152:T6mRD4uQXR8vio1oj6Xpch/gP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:T6mREuQXwqjupU/ggg3gnl/IVUs1jePs

Score
10/10
gozibankerdiscoveryisfbtrojanupx

Malware Config

Extracted

Family

gozi

Targets

    • Target

      a895191b0fb0cc41271092c8623db4ed_JaffaCakes118

    • Size

      2.9MB

    • MD5

      a895191b0fb0cc41271092c8623db4ed

    • SHA1

      7582c2e6c599778af99852500bf90bb42477c848

    • SHA256

      7e4d864579510c03f56c3630333fc5df2c2c6f8c7e4ff7632fe91b59fbb22763

    • SHA512

      8915c3db6eb07db7fd51531e978b8522f7502689174999e57449b13817afed328b56725dcd3b35765abe584559e8fc7415609f911d1fd4a437628737f74e9690

    • SSDEEP

      49152:T6mRD4uQXR8vio1oj6Xpch/gP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:T6mREuQXwqjupU/ggg3gnl/IVUs1jePs

    Score
    10/10
    discoveryupxgozibankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Gozi family

      gozi

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks