General
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked
-
Size
277KB
-
Sample
221027-abyz2aabbn
-
MD5
960a14f61af3e94c0702736f097dab03
-
SHA1
0f0d1e38b522de60976a229872d7691cd1288f73
-
SHA256
9801ea6ea41220f101cbeca1cd3a2bbb033ccb9f04b3e121b62c47b2cb4112cc
-
SHA512
500df57c19673f93039341f697ac9e93e17e659b225e9736d496b7dfa7248e7f014add640ebbb22e07a45db779181db82f36f92a7ab20a6ab95cd79c6cd9a10a
-
SSDEEP
6144:7RWLJJp6tgWJLsnp5TlovshucMRuDdIGptJqlalRtNwh8zGd34:IFJeCTTc8uyiGptJqglfNwhRI
Malware Config
Extracted
gozi_ifsb
2002
test1.ru
-
dga_base_url
opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
-
dga_crc
0x6f0b167a
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked
-
Size
277KB
-
MD5
960a14f61af3e94c0702736f097dab03
-
SHA1
0f0d1e38b522de60976a229872d7691cd1288f73
-
SHA256
9801ea6ea41220f101cbeca1cd3a2bbb033ccb9f04b3e121b62c47b2cb4112cc
-
SHA512
500df57c19673f93039341f697ac9e93e17e659b225e9736d496b7dfa7248e7f014add640ebbb22e07a45db779181db82f36f92a7ab20a6ab95cd79c6cd9a10a
-
SSDEEP
6144:7RWLJJp6tgWJLsnp5TlovshucMRuDdIGptJqlalRtNwh8zGd34:IFJeCTTc8uyiGptJqglfNwhRI
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-