General
-
Target
3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
-
Size
388KB
-
Sample
220625-eg7lksdbhk
-
MD5
44e4017f47dce2d2925124bb2116166c
-
SHA1
f5efde405de07ca60afe67ee6f5e53538195fd23
-
SHA256
3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
-
SHA512
be68a64aee0a1d5241012d5cde84432274d08217628ab65e131e842e29c33b382ff5c3b4d390cf4a493b4304ae6ba06f1547e02eb22099b27a85135553cf2a75
Malware Config
Extracted
gozi_ifsb
1010
diuolirt.at
deopliazae.at
nifredao.com
filokiyurt.at
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
-
Size
388KB
-
MD5
44e4017f47dce2d2925124bb2116166c
-
SHA1
f5efde405de07ca60afe67ee6f5e53538195fd23
-
SHA256
3a6c4a466f072c8fb1b98dad22a2d66b9433261f515fafb21427755b5bd1d666
-
SHA512
be68a64aee0a1d5241012d5cde84432274d08217628ab65e131e842e29c33b382ff5c3b4d390cf4a493b4304ae6ba06f1547e02eb22099b27a85135553cf2a75
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-