General
-
Target
e0b15c5b68a21db7a86f92689c5df63d343a52e3e7b09d19f3ffbf941b32c4d1
-
Size
112KB
-
Sample
220201-kxcn2abghl
-
MD5
c0cbf06683d1011a23ef43d8305357dd
-
SHA1
a97c5c84b5830b007b886122dc0df33005f0d9d9
-
SHA256
e0b15c5b68a21db7a86f92689c5df63d343a52e3e7b09d19f3ffbf941b32c4d1
-
SHA512
55750ab9ee0039f1feebb1ddc1671e5b98633b319ab019a72adbee2dc89c2debef5a0ac2866b1db593827b50c193e1163c76a0d735c1dbafa01b3ed9be08b31b
Malware Config
Extracted
gozi_ifsb
5500
df1.kamalak.at/wpx
api3.lamanak.at/wpx
-
build
250143
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
120
Targets
-
-
Target
e0b15c5b68a21db7a86f92689c5df63d343a52e3e7b09d19f3ffbf941b32c4d1
-
Size
112KB
-
MD5
c0cbf06683d1011a23ef43d8305357dd
-
SHA1
a97c5c84b5830b007b886122dc0df33005f0d9d9
-
SHA256
e0b15c5b68a21db7a86f92689c5df63d343a52e3e7b09d19f3ffbf941b32c4d1
-
SHA512
55750ab9ee0039f1feebb1ddc1671e5b98633b319ab019a72adbee2dc89c2debef5a0ac2866b1db593827b50c193e1163c76a0d735c1dbafa01b3ed9be08b31b
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)
-
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)
-
Sets service image path in registry
-