General
-
Target
3305c317a914b61dbf2d6cadfe845f60b8e54c0c2b66a52e46027dd4b26af2f1
-
Size
388KB
-
Sample
220620-epy96sgcf6
-
MD5
155203d92c9d8514fdea49e38d796a2d
-
SHA1
95730596a750676d8649ced7233f2e6da29a7f0f
-
SHA256
3305c317a914b61dbf2d6cadfe845f60b8e54c0c2b66a52e46027dd4b26af2f1
-
SHA512
6ff8269a57be0a6198f3fd78c154ffd9f96936bf5e248c2208fd9938d6c4174334ce733866312eb71cb6149d1d1b2bd2b55417222d18c8ab118658efabf8c2ea
Malware Config
Extracted
gozi_ifsb
1010
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
3305c317a914b61dbf2d6cadfe845f60b8e54c0c2b66a52e46027dd4b26af2f1
-
Size
388KB
-
MD5
155203d92c9d8514fdea49e38d796a2d
-
SHA1
95730596a750676d8649ced7233f2e6da29a7f0f
-
SHA256
3305c317a914b61dbf2d6cadfe845f60b8e54c0c2b66a52e46027dd4b26af2f1
-
SHA512
6ff8269a57be0a6198f3fd78c154ffd9f96936bf5e248c2208fd9938d6c4174334ce733866312eb71cb6149d1d1b2bd2b55417222d18c8ab118658efabf8c2ea
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-