General

  • Target

    9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55

  • Size

    8.9MB

  • Sample

    250318-jjxavazrw2

  • MD5

    29689832b64151b256c7a5952e29ce57

  • SHA1

    0ad2ce251c6aa5d2d3a6798b3b9d6186c312b9c7

  • SHA256

    9ff430ca0c4942426345a1162f5769c050f9d80785a6a9e2b559eca491613e55

  • SHA512

    e4a42739826bccafc4186168061b8b2cc18bb7ba2fa29b7aab586a35e613703ff8b7159f9439aac31a819a6fb7d84e543b04f5c4273c1e8d8811695e576a0ff5

  • SSDEEP

    196608:7DYkkqfPyOWe3ltFCNTr3tbYWFLg9Z3D7JkaPoq0fmrY1Er6K5gS:7DDkqyc1tgdtovzWagdmrY1tcgS

Malware Config

Extracted family: gozi

Targets


    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
