General
-
Target
a3f8e24c4efd58961cbabc87fdc535b5e6c9ea422a6dc6173bbebd8932ff2579
-
Size
163KB
-
Sample
240626-22txjsygra
-
MD5
bf2758d56770a553ad272626d4c04569
-
SHA1
af6d33556104583f9b86e17370c7a485a29e54c1
-
SHA256
a3f8e24c4efd58961cbabc87fdc535b5e6c9ea422a6dc6173bbebd8932ff2579
-
SHA512
7a8de813ab471c59c7fa912f83ae11d3ced6ebb64e79d6f80ad0ce60d7216c9eb74cca2624f5c9df231ca379554d16291f61d059203fb1d7275cad3a46fed1b3
-
SSDEEP
3072:xmW9kz9Y9Gi2pTxHUbjlltOrWKDBr+yJb:xmmgYEtpTxa5LOf
Malware Config
Extracted
gozi
Targets
-
-
Target
a3f8e24c4efd58961cbabc87fdc535b5e6c9ea422a6dc6173bbebd8932ff2579
-
Size
163KB
-
MD5
bf2758d56770a553ad272626d4c04569
-
SHA1
af6d33556104583f9b86e17370c7a485a29e54c1
-
SHA256
a3f8e24c4efd58961cbabc87fdc535b5e6c9ea422a6dc6173bbebd8932ff2579
-
SHA512
7a8de813ab471c59c7fa912f83ae11d3ced6ebb64e79d6f80ad0ce60d7216c9eb74cca2624f5c9df231ca379554d16291f61d059203fb1d7275cad3a46fed1b3
-
SSDEEP
3072:xmW9kz9Y9Gi2pTxHUbjlltOrWKDBr+yJb:xmmgYEtpTxa5LOf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-