General
-
Target
2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked
-
Size
146KB
-
Sample
221027-ab1tmaabck
-
MD5
9b14a37463b58a73d05d34adf8003ef7
-
SHA1
71b3581a17acc5112c4a9fcc9957ca0bdd54ab8a
-
SHA256
90a75fcaa0c8da7865da027c84793cdfdef64d26d3ac7172ea8bbce2e63f4c15
-
SHA512
462bb96e9359e4dec8814ec8ec8d6f96cc56f6804c488eb26a7e183e22d56f9fa97705e6ac3dba7cf9dee30da1e3326aef31be1087ba805bfe3dd77f6ba038c9
-
SSDEEP
3072:pLdrePUath0c2HxGLLRQy2Ty1qlalXnGv+Zhc2t3zJnmWpH0/p:pdrezthd2HxyLRQvTgqlalJDt3zJnmWp
Malware Config
Extracted
gozi_ifsb
1010
supportsstats.com/geodata/version/ip2ext
neteworkgroup.com/geodata/version/ip2ext
highnetwork.pw/geodata/version/ip2ext
lostnetwork.in/geodata/version/ip2ext
sysconnections.net/geodata/version/ip2ext
lansupports.com/geodata/version/ip2ext
-
build
212578
-
exe_type
worker
-
server_id
30
Targets
-
-
Target
2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked
-
Size
146KB
-
MD5
9b14a37463b58a73d05d34adf8003ef7
-
SHA1
71b3581a17acc5112c4a9fcc9957ca0bdd54ab8a
-
SHA256
90a75fcaa0c8da7865da027c84793cdfdef64d26d3ac7172ea8bbce2e63f4c15
-
SHA512
462bb96e9359e4dec8814ec8ec8d6f96cc56f6804c488eb26a7e183e22d56f9fa97705e6ac3dba7cf9dee30da1e3326aef31be1087ba805bfe3dd77f6ba038c9
-
SSDEEP
3072:pLdrePUath0c2HxGLLRQy2Ty1qlalXnGv+Zhc2t3zJnmWpH0/p:pdrezthd2HxyLRQvTgqlalJDt3zJnmWp
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-