Overview

overview

10

Static

static

3

27b34893f1...6a.exe

windows7-x64

10

27b34893f1...6a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27b34893f16a8d49650621dd320468abc3050a2d7c49144428fb7da9d07c486a

  • Size

    516KB

  • Sample

    241224-zc6tpswqfz

  • MD5

    c5be10b6e6fb9f60cfbbd5cee5648f9c

  • SHA1

    90fb886f0dee7f7341092ef77cc42195df3dfeea

  • SHA256

    27b34893f16a8d49650621dd320468abc3050a2d7c49144428fb7da9d07c486a

  • SHA512

    10a1928866297461bc26ae937cba157372408015a14823b049a526e81e2281a5e78821a2e383c2c65086965d76eaffc90e7acbe61a2009dd2afa9d6d65736731

  • SSDEEP

    6144:d/urFQUUZM24vXpEvtZNXEcORzKld9830UAhqzaX3pGMKLYjjeZ4GpeV4Lz5GbR4:+LUZM9purdK0q+IYxj4o9Q7OGeNUFx

Score
10/10
gozibankercollectiondiscoverytrojan

Malware Config

Targets

    • Target

      27b34893f16a8d49650621dd320468abc3050a2d7c49144428fb7da9d07c486a

    • Size

      516KB

    • MD5

      c5be10b6e6fb9f60cfbbd5cee5648f9c

    • SHA1

      90fb886f0dee7f7341092ef77cc42195df3dfeea

    • SHA256

      27b34893f16a8d49650621dd320468abc3050a2d7c49144428fb7da9d07c486a

    • SHA512

      10a1928866297461bc26ae937cba157372408015a14823b049a526e81e2281a5e78821a2e383c2c65086965d76eaffc90e7acbe61a2009dd2afa9d6d65736731

    • SSDEEP

      6144:d/urFQUUZM24vXpEvtZNXEcORzKld9830UAhqzaX3pGMKLYjjeZ4GpeV4Lz5GbR4:+LUZM9purdK0q+IYxj4o9Q7OGeNUFx

    Score
    10/10
    gozibankercollectiondiscoverytrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Gozi family

      gozi

    • Deletes itself

    • Accesses Microsoft Outlook accounts

      collection

    • Accesses Microsoft Outlook profiles

      collection

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks