General
-
Target
bf1c5069af653108fc2413bde9a4b25dff4ea445c7f641984c6fc5322430f660
-
Size
163KB
-
Sample
240625-cddg8avbqc
-
MD5
d4bbd02e0e2f4c7b24b5aeb0a50e3a47
-
SHA1
9dcc3ac21681b2933a747d8bb8aecacb0e2bf933
-
SHA256
bf1c5069af653108fc2413bde9a4b25dff4ea445c7f641984c6fc5322430f660
-
SHA512
a32c66496176f4a09feb5798b15861e724a2307543260c6ec63a9151732d0bfa1b934513ad72027ca93add65148def9cb2e417ea64f6216db96f48321c714a64
-
SSDEEP
1536:PE3YO7Uf7/Y5IRUJFG8NlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:M317eDsIROGyltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
bf1c5069af653108fc2413bde9a4b25dff4ea445c7f641984c6fc5322430f660
-
Size
163KB
-
MD5
d4bbd02e0e2f4c7b24b5aeb0a50e3a47
-
SHA1
9dcc3ac21681b2933a747d8bb8aecacb0e2bf933
-
SHA256
bf1c5069af653108fc2413bde9a4b25dff4ea445c7f641984c6fc5322430f660
-
SHA512
a32c66496176f4a09feb5798b15861e724a2307543260c6ec63a9151732d0bfa1b934513ad72027ca93add65148def9cb2e417ea64f6216db96f48321c714a64
-
SSDEEP
1536:PE3YO7Uf7/Y5IRUJFG8NlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:M317eDsIROGyltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-