gozi | 0ebac735b1ec8ae1026525063212a09f570d83c012577bedd5977c1d8ba8b78a | Triage

Sharing

General

Target

e8ac9f66515fe0b801b2b1e19916fb1e_JaffaCakes118
Size

100KB
Sample

241212-2xv9taznhs
MD5

e8ac9f66515fe0b801b2b1e19916fb1e
SHA1

616ccaa9d8e10e0e1aa48c37f66f5d24d86ebe74
SHA256

0ebac735b1ec8ae1026525063212a09f570d83c012577bedd5977c1d8ba8b78a
SHA512

e5bcf510df380876d81827f68b8d3cb432763db1a3df8d19f892ed8a584a9396bdebd46bedcc56496d53597c0887fe232f85448a464acb6a93fee102a761f588
SSDEEP

1536:hqp2oQrAPHVAMJkdwMX1Am6/Gu2XdoSs2SbPd/9ZK8o2rNf4cXcx84kiTMz:hqpyMJkdn6/GjXdGd/02Z4cMqiTMz

Score

10^/10

gozi adware discovery isfb stealer

Malware Config

Extracted

Family

gozi

Targets

- Target
  
  e8ac9f66515fe0b801b2b1e19916fb1e_JaffaCakes118
- Size
  
  100KB
- MD5
  
  e8ac9f66515fe0b801b2b1e19916fb1e
- SHA1
  
  616ccaa9d8e10e0e1aa48c37f66f5d24d86ebe74
- SHA256
  
  0ebac735b1ec8ae1026525063212a09f570d83c012577bedd5977c1d8ba8b78a
- SHA512
  
  e5bcf510df380876d81827f68b8d3cb432763db1a3df8d19f892ed8a584a9396bdebd46bedcc56496d53597c0887fe232f85448a464acb6a93fee102a761f588
- SSDEEP
  
  1536:hqp2oQrAPHVAMJkdwMX1Am6/Gu2XdoSs2SbPd/9ZK8o2rNf4cXcx84kiTMz:hqpyMJkdn6/GjXdGd/02Z4cMqiTMz
Score

7^/10

adware discovery stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarediscoverystealer