General
-
Target
26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d
-
Size
627KB
-
Sample
220616-h8qc6aggbr
-
MD5
b1dcafe393e89ec13270932ad8f868e7
-
SHA1
0c42f80d31d767007290ca51b866dc90622cd309
-
SHA256
26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d
-
SHA512
465a4a690fdb7087d1801fb81101e4f69811a7f7068f191e3df0b0375931e907ad9475ceabbf46a0ea41749b695ba21f6202aa31bcaa40d41c4f0cd9462ab076
Malware Config
Extracted
gozi_ifsb
2000
api2.doter.at/webstore
beetfeetlife.bit/webstore
in.extermas.at/webstore
d6djf2vtjv5kowow.onion/webstore
asx.zaronif.at/webstore
g2.ex100p.at/webstore
gif.doter.at/webstore
extra.avareg.cn/webstore
vo5vuw5tdkqetax4.onion/webstore
foo.avaregio.at/webstore
op.iovbased.at/webstore
ws.doter.at/webstore
f1.cnboal.at/webstore
zq4aggr2i6hmklgd.onion/webstore
xxx.doolap.at/webstore
-
build
217050
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
51.255.48.78
8.8.8.8
192.71.245.208
178.17.170.179
193.183.98.66
207.148.83.241
111.67.20.8
103.236.162.119
142.4.205.47
213.136.85.253
159.89.249.249
82.196.9.45
-
exe_type
worker
-
server_id
550
Targets
-
-
Target
26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d
-
Size
627KB
-
MD5
b1dcafe393e89ec13270932ad8f868e7
-
SHA1
0c42f80d31d767007290ca51b866dc90622cd309
-
SHA256
26c434ac54b9c21dfd6a43878089bcaf96615f65470042c911416aff1c4e9e8d
-
SHA512
465a4a690fdb7087d1801fb81101e4f69811a7f7068f191e3df0b0375931e907ad9475ceabbf46a0ea41749b695ba21f6202aa31bcaa40d41c4f0cd9462ab076
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-