General
-
Target
802827f3e930a66db99ce28447dddc40dc68fe64ad250c649553920693e5532a
-
Size
163KB
-
Sample
240623-alrnpsvhlq
-
MD5
02c10de4fa293a2309787739581dafd9
-
SHA1
ada9a1c99e451d73ec9aa98abf8ea7c2f4998edb
-
SHA256
802827f3e930a66db99ce28447dddc40dc68fe64ad250c649553920693e5532a
-
SHA512
12f7f84595476b7d84b8d08c2e67f2bc7800343774e83166ad5c5a97484a99692307e489acf3ea4dacda4d3293fda4c2b20d5560eb4e26f9086df275b258343b
-
SSDEEP
1536:PDA4lOzP7SbRfzaGGVwaqs23VQlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:U4AzjSVaGmwaYQltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
802827f3e930a66db99ce28447dddc40dc68fe64ad250c649553920693e5532a
-
Size
163KB
-
MD5
02c10de4fa293a2309787739581dafd9
-
SHA1
ada9a1c99e451d73ec9aa98abf8ea7c2f4998edb
-
SHA256
802827f3e930a66db99ce28447dddc40dc68fe64ad250c649553920693e5532a
-
SHA512
12f7f84595476b7d84b8d08c2e67f2bc7800343774e83166ad5c5a97484a99692307e489acf3ea4dacda4d3293fda4c2b20d5560eb4e26f9086df275b258343b
-
SSDEEP
1536:PDA4lOzP7SbRfzaGGVwaqs23VQlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:U4AzjSVaGmwaYQltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-