General

  • Target

    JaffaCakes118_70d0c4cb985c9c3cd367b30148dda7a68e9f994ea1baf21588272c2f3be99a29

  • Size

    3.0MB

  • Sample

    241223-vpkd1swjdp

  • MD5

    4bc202f4cfa6a2b3b5668194b89fce6f

  • SHA1

    5dd9acac601530d7b01b353279be0c4462af5f04

  • SHA256

    70d0c4cb985c9c3cd367b30148dda7a68e9f994ea1baf21588272c2f3be99a29

  • SHA512

    4ed0750bb7e8ed344f7be271ed9b04a1b68a09a5a1cac8533f890cf144fd9dd276c50cb844dd2ab83ac2c6bc8b28fcf40517e00ef0051700f06d05ca5bca8ebf

  • SSDEEP

    98304:edSYX9iCLFLgf4XXxRfxrm0xb0zyxNi4VN0jlx:uSVigfcRpHxY+xNJN0P

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5513

C2

greenwoodgrace.website

Attributes

  • base_path

    /manifest/

  • build

    250187

  • dga_season

    10

  • exe_type

    loader

  • extension

    .cnx

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      infectedmars2021.doc

    • Size

      4.3MB

    • MD5

      0c8555a71a055a1e553ffe8865cb3ea6

    • SHA1

      a8e77218bdb915adec62580f95d3a8a679b18215

    • SHA256

      2a7811607023a04ca559e46d7106588f4542af11352972ff84d28b49e59d4507

    • SHA512

      ebd784a06b35e8affee01c16f599bdb99336ee5d720e540a56b550579b201d0a04d030cc412b9a120158e5c2ec5bb8e2c5b71fcc810c117f8c290377c87973a9

    • SSDEEP

      49152:oVUg5AfUb76jl/PTV0maWj4qO4eiJbFFYRKFZW+sYzbtqrDpee26:o6gF2jxPpbaWjRnuv

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks