General
-
Target
18064dd4c6e7315607c208adfcb4467914cbe71fa7091e1f3ec214bf7ceaeec5
-
Size
268KB
-
Sample
220608-xerrfsgea2
-
MD5
da892cd0fb6a601fdec4e3eb68d331b7
-
SHA1
7a921e83a21297c8886a0f0b09e5c86ad8e42d74
-
SHA256
18064dd4c6e7315607c208adfcb4467914cbe71fa7091e1f3ec214bf7ceaeec5
-
SHA512
27c61667dc6174c2fa606b7493a207d47a15531b84d0ec4cad933c520068de089eca7a805a6ff1a6cd7e884ffed4e699499320e72352af674b327d740a846a54
Malware Config
Extracted
gozi_ifsb
2000
g2.ex100p.at/webstore
beetfeetlife.bit/webstore
ww1.yahtool.at/webstore
ax.ikobut.at/webstore
ww3.aradoom.at/webstore
extra.avareg.cn/webstore
api.ex100p.at/webstore
foo.avaregio.at/webstore
api.loogviv.at/webstore
f1.cnboal.at/webstore
chat.votari.at/webstore
core.cnboal.at/webstore
cdn4.pronhat.at/webstore
-
build
217061
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
193.183.98.66
91.217.137.37
192.71.245.208
8.8.8.8
178.17.170.179
82.196.9.45
151.80.222.79
68.183.70.217
217.144.135.7
158.69.160.164
207.148.83.241
5.189.170.196
217.144.132.148
94.247.43.254
188.165.200.156
159.89.249.249
150.249.149.222
-
exe_type
loader
-
server_id
550
Targets
-
-
Target
18064dd4c6e7315607c208adfcb4467914cbe71fa7091e1f3ec214bf7ceaeec5
-
Size
268KB
-
MD5
da892cd0fb6a601fdec4e3eb68d331b7
-
SHA1
7a921e83a21297c8886a0f0b09e5c86ad8e42d74
-
SHA256
18064dd4c6e7315607c208adfcb4467914cbe71fa7091e1f3ec214bf7ceaeec5
-
SHA512
27c61667dc6174c2fa606b7493a207d47a15531b84d0ec4cad933c520068de089eca7a805a6ff1a6cd7e884ffed4e699499320e72352af674b327d740a846a54
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-