General
-
Target
baca8e5902477e73f3a217e6556a8daf8c63e45ee4b372e0af1def6e27b03825
-
Size
151KB
-
Sample
220201-lcavdacahj
-
MD5
c0a6e8e01a824ac7c94aa3f00e154c89
-
SHA1
70f713ee19d9dbebf85f6d5c5d360ef06a22b8b0
-
SHA256
baca8e5902477e73f3a217e6556a8daf8c63e45ee4b372e0af1def6e27b03825
-
SHA512
706c09c652e03a3dc318f0ccab2bfad48acd5c6150af77887424cc6809eddfd3f435a2de0daaacee4dcf394ee9dfa1a368d31569b2b4ecae625dc7c9d90a60f2
Malware Config
Extracted
gozi_ifsb
1010
sys.cwthecw.com/bcms/assets/img
sys.whyblacklivesmatter.org/bcms/assets/img
sys.mohitsagarmusic.com/bcms/assets/img
lansystemstat.com/bcms/assets/img
highnetwork.pw/bcms/assets/img
lostnetwork.in/bcms/assets/img
sysconnections.net/bcms/assets/img
lansupports.com/bcms/assets/img
-
exe_type
worker
-
server_id
35
Targets
-
-
Target
baca8e5902477e73f3a217e6556a8daf8c63e45ee4b372e0af1def6e27b03825
-
Size
151KB
-
MD5
c0a6e8e01a824ac7c94aa3f00e154c89
-
SHA1
70f713ee19d9dbebf85f6d5c5d360ef06a22b8b0
-
SHA256
baca8e5902477e73f3a217e6556a8daf8c63e45ee4b372e0af1def6e27b03825
-
SHA512
706c09c652e03a3dc318f0ccab2bfad48acd5c6150af77887424cc6809eddfd3f435a2de0daaacee4dcf394ee9dfa1a368d31569b2b4ecae625dc7c9d90a60f2
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Sets service image path in registry
-