Overview

overview

10

Static

static

3

cfbda60b41...bf.exe

windows7-x64

10

cfbda60b41...bf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfbda60b41957281f42c90924188be1ff8337c99b930b12eb5e536ffb648b0bf

  • Size

    163KB

  • Sample

    240704-efpdlsvepb

  • MD5

    bdfef621a25f84ff1380cc9ab5c26010

  • SHA1

    791236a80218ccb65f9e17ce2da8451a900b2bac

  • SHA256

    cfbda60b41957281f42c90924188be1ff8337c99b930b12eb5e536ffb648b0bf

  • SHA512

    fd0c47898d5859e5051d7412ef1c91a077420f9b7ae9ec59d4a52c06f4d9b4ac4f5cedbf9893deadfb4805767798da06cd5e0ceb5e3ec4304482016016595c10

  • SSDEEP

    3072:U/hZ5OeZZc2v4ONmugQF/PltOrWKDBr+yJb:U//m5Q/PLOf

Score
10/10
gozibankerisfbpersistencetrojan

Malware Config

Extracted

Family

gozi

Targets

    • Target

      cfbda60b41957281f42c90924188be1ff8337c99b930b12eb5e536ffb648b0bf

    • Size

      163KB

    • MD5

      bdfef621a25f84ff1380cc9ab5c26010

    • SHA1

      791236a80218ccb65f9e17ce2da8451a900b2bac

    • SHA256

      cfbda60b41957281f42c90924188be1ff8337c99b930b12eb5e536ffb648b0bf

    • SHA512

      fd0c47898d5859e5051d7412ef1c91a077420f9b7ae9ec59d4a52c06f4d9b4ac4f5cedbf9893deadfb4805767798da06cd5e0ceb5e3ec4304482016016595c10

    • SSDEEP

      3072:U/hZ5OeZZc2v4ONmugQF/PltOrWKDBr+yJb:U//m5Q/PLOf

    Score
    10/10
    gozibankerisfbpersistencetrojan

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks