General
-
Target
185f735b927586122525869fb3b73133a2d9285de065fd29f7a3b25aeb3837fc
-
Size
163KB
-
Sample
240701-xt6h6avajc
-
MD5
f840f8710174e6fa27fa7dc80afddba0
-
SHA1
cf33b7b02befebfd90ca378ac33caa3f16d8abe1
-
SHA256
185f735b927586122525869fb3b73133a2d9285de065fd29f7a3b25aeb3837fc
-
SHA512
e200b7d53ecb925a051759e34b89817e0647c22d54fd8c648e9c94e7661c6f51abc4d074baa4e16660df401b9d73de01573979ba94fb4efa1c1bbc62aa360fc7
-
SSDEEP
3072:ppWkyp5VOwQ5wJKefz7oltOrWKDBr+yJb:pXlwQ5w1z7oLOf
Malware Config
Extracted
gozi
Targets
-
-
Target
185f735b927586122525869fb3b73133a2d9285de065fd29f7a3b25aeb3837fc
-
Size
163KB
-
MD5
f840f8710174e6fa27fa7dc80afddba0
-
SHA1
cf33b7b02befebfd90ca378ac33caa3f16d8abe1
-
SHA256
185f735b927586122525869fb3b73133a2d9285de065fd29f7a3b25aeb3837fc
-
SHA512
e200b7d53ecb925a051759e34b89817e0647c22d54fd8c648e9c94e7661c6f51abc4d074baa4e16660df401b9d73de01573979ba94fb4efa1c1bbc62aa360fc7
-
SSDEEP
3072:ppWkyp5VOwQ5wJKefz7oltOrWKDBr+yJb:pXlwQ5w1z7oLOf
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Detects executables built or packed with MPress PE compressor
-
UPX dump on OEP (original entry point)
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-