General
-
Target
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722
-
Size
134KB
-
Sample
220707-ljdjvabbel
-
MD5
24ba99e7fffa82660f61fcdfc941caa4
-
SHA1
f370c5d65301015f2af35d91d1b3dabab81f8765
-
SHA256
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722
-
SHA512
5c1074465312b21145ff3f7b6145d0b002fc8beb550420a29fc906176bea2a7862c706c9a00532c1a83afc9f53947abce09e12f8908d0fc7c44526994de4ea44
Malware Config
Extracted
gozi_ifsb
1000
tt.zicino.at/rpc
doa.wolexsal.at/rpc
api.xvcbpd.at/rpc
io.tir001.at/rpc
ytruieowphf.bit/rpc
u2.tip4top.at/rpc
vv.ollynot.at/rpc
sq.upstor.at/rpc
api.reg200.at/rpc
cd.iqwoker.at/rpc
qqq.wolexsal.at/rpc
win.zicino.at/rpc
chat.engostol.at/rpc
w2.lolexsal.at/rpc
ya.upstor.at/rpc
mahono.cn/rpc
-
build
217061
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
dns_servers
51.255.48.78
8.8.8.8
51.15.98.97
192.71.245.208
188.165.200.156
193.183.98.66
103.236.162.119
111.67.20.8
207.148.83.241
192.99.85.244
142.4.204.111
192.71.245.208
176.126.70.119
139.99.96.146
-
exe_type
loader
-
server_id
150
Extracted
gozi_ifsb
-
build
217061
Targets
-
-
Target
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722
-
Size
134KB
-
MD5
24ba99e7fffa82660f61fcdfc941caa4
-
SHA1
f370c5d65301015f2af35d91d1b3dabab81f8765
-
SHA256
462f6a7560ef2a1a815febebf60b1fcb472a8227d6db05ac09e5266b774c3722
-
SHA512
5c1074465312b21145ff3f7b6145d0b002fc8beb550420a29fc906176bea2a7862c706c9a00532c1a83afc9f53947abce09e12f8908d0fc7c44526994de4ea44
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-