General
-
Target
38bc7c11d07203605fa171228833357fe0694114d8773f426a45e44b065fa100.exe
-
Size
163KB
-
Sample
240703-etyt7sxapa
-
MD5
feb182ac0f2889485f9637bfb7db5bb0
-
SHA1
a1bd912048d7aab5153691e2fff35ce1f66ab423
-
SHA256
38bc7c11d07203605fa171228833357fe0694114d8773f426a45e44b065fa100
-
SHA512
8c40b92c082a512078e12317af3c594b7351a7fadea06637b6818321d157003bfc2459f51cf3c2dc31420e582eceb66128a271682ee022be0870958b92c4e4e6
-
SSDEEP
1536:PLDUImg7gitTA4wtt8i1MlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:TDUIh8KWtt8i6ltOrWKDBr+yJb
Malware Config
Extracted
gozi
Targets
-
-
Target
38bc7c11d07203605fa171228833357fe0694114d8773f426a45e44b065fa100.exe
-
Size
163KB
-
MD5
feb182ac0f2889485f9637bfb7db5bb0
-
SHA1
a1bd912048d7aab5153691e2fff35ce1f66ab423
-
SHA256
38bc7c11d07203605fa171228833357fe0694114d8773f426a45e44b065fa100
-
SHA512
8c40b92c082a512078e12317af3c594b7351a7fadea06637b6818321d157003bfc2459f51cf3c2dc31420e582eceb66128a271682ee022be0870958b92c4e4e6
-
SSDEEP
1536:PLDUImg7gitTA4wtt8i1MlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVU:TDUIh8KWtt8i6ltOrWKDBr+yJb
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-