General
-
Target
71d9e57d89e3860945c8387a30003019db562b400b8622fa016269344179193e
-
Size
1.1MB
-
Sample
220701-f993vaebeq
-
MD5
8f0ffcd74556bcc700158d38e02b00ee
-
SHA1
8e8706b6394a205eb4cb5d23dcb1f5fe5a0bafab
-
SHA256
71d9e57d89e3860945c8387a30003019db562b400b8622fa016269344179193e
-
SHA512
eab7b400a0288a725196904228d38466efa6f0a120666781dee2fae0ac34f5275eb628e7a06af73f4fefec6d18e21e972c3e5cb133541809876daa4d52ea0517
Malware Config
Extracted
gozi_ifsb
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://buismashallah.at
-
build
217027
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
71d9e57d89e3860945c8387a30003019db562b400b8622fa016269344179193e
-
Size
1.1MB
-
MD5
8f0ffcd74556bcc700158d38e02b00ee
-
SHA1
8e8706b6394a205eb4cb5d23dcb1f5fe5a0bafab
-
SHA256
71d9e57d89e3860945c8387a30003019db562b400b8622fa016269344179193e
-
SHA512
eab7b400a0288a725196904228d38466efa6f0a120666781dee2fae0ac34f5275eb628e7a06af73f4fefec6d18e21e972c3e5cb133541809876daa4d52ea0517
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-