General
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061
-
Size
676KB
-
Sample
221027-abydhaabbm
-
MD5
644c7a78a572d45d8af45d94e6a57e40
-
SHA1
0b3e29129dc20a87a166ade006bf8f1cbd9b8300
-
SHA256
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061
-
SHA512
7dfbe61d11077a254d13d869b888c22d2e02b82c6ae8d75f04f7683d5eca7aecc8e00de740e094f197ae2f1ebd6319c3c162dc1e1e9c20ec36f7a2bddab3ce33
-
SSDEEP
12288:Zv75bu3S23LN8wa7yelFRNuQ7TdC1ryYrKTP5uSZPnMll:J75E732wujXbzFZil
Static task
static1
Behavioral task
behavioral1
Sample
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061.exe
Resource
win7-20220901-en
Malware Config
Extracted
gozi_ifsb
2002
test1.ru
-
build
216843
-
dga_base_url
opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
-
dga_crc
0x6f0b167a
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-