General
-
Target
554859fca727ca24661e8a62cd964a673f3df3e8b1746ebb7235ec6c87d14d3e
-
Size
281KB
-
Sample
221002-19qdnaefen
-
MD5
013258b4005484f42888e377f7412fe0
-
SHA1
a48eb0f3adbafb7bb6b3f42c04db797aca60895b
-
SHA256
554859fca727ca24661e8a62cd964a673f3df3e8b1746ebb7235ec6c87d14d3e
-
SHA512
547f7942d5654dbca1b60bb72be466524c352e79347ece837f39ac1932f747d04c3a808f0ca53b52943b2cb8a93d4698599e9d6d98b20d3b35f0c03915b19dd9
-
SSDEEP
6144:EZ8DmM0rMJM19avyU2YGUsPKgUBHHBtTDWN2WC3y:3KMJMup2x5K5Bbl3y
Malware Config
Extracted
gozi_ifsb
1015
lgeywijneyke.us
puqcgfwgmftravot.com
itnnuubvifmaintg.com
rtsnysrusdtbh.net
pkgmvltcjk.org
-
exe_type
worker
-
server_id
8
Targets
-
-
Target
554859fca727ca24661e8a62cd964a673f3df3e8b1746ebb7235ec6c87d14d3e
-
Size
281KB
-
MD5
013258b4005484f42888e377f7412fe0
-
SHA1
a48eb0f3adbafb7bb6b3f42c04db797aca60895b
-
SHA256
554859fca727ca24661e8a62cd964a673f3df3e8b1746ebb7235ec6c87d14d3e
-
SHA512
547f7942d5654dbca1b60bb72be466524c352e79347ece837f39ac1932f747d04c3a808f0ca53b52943b2cb8a93d4698599e9d6d98b20d3b35f0c03915b19dd9
-
SSDEEP
6144:EZ8DmM0rMJM19avyU2YGUsPKgUBHHBtTDWN2WC3y:3KMJMup2x5K5Bbl3y
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-