General
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked_x64
-
Size
365KB
-
Sample
221027-abzlkaabb9
-
MD5
7f3bb08e029327bf72614a321d168fc5
-
SHA1
11318142a225eeb3df6800123318a89128cbd64f
-
SHA256
315208c0c02409b64d45dbc1e09588e1fda3ff2a0919c118aa927e8168206881
-
SHA512
06a541ee3e3504300d4448ac9d1ff9086f5bd887df278376d5c518ccf4ab295aa399e16bc984b306e11e55d63ede18860371cd38548512d1f8c2b682db05df4e
-
SSDEEP
6144:FpCXhArO/UtJ3CAa2oyd8JBglTn3C0nt6e2J62hv4QpoHo0BpqnBVKXClZ5L:FpXrOM/Ha2oyd8YTn3CpP6IgQpoHo0Bk
Malware Config
Extracted
gozi_ifsb
2002
test1.ru
-
build
216843
-
dga_base_url
opensource.apple.com/source/Security/Security-29/SecureTransport/LICENSE.txt?txt
-
dga_crc
0x6f0b167a
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
25bdab9cf1c2dbb6e96e1b0797a4facaa0c3469164f1653328e4357fb421e061_unpacked_x64
-
Size
365KB
-
MD5
7f3bb08e029327bf72614a321d168fc5
-
SHA1
11318142a225eeb3df6800123318a89128cbd64f
-
SHA256
315208c0c02409b64d45dbc1e09588e1fda3ff2a0919c118aa927e8168206881
-
SHA512
06a541ee3e3504300d4448ac9d1ff9086f5bd887df278376d5c518ccf4ab295aa399e16bc984b306e11e55d63ede18860371cd38548512d1f8c2b682db05df4e
-
SSDEEP
6144:FpCXhArO/UtJ3CAa2oyd8JBglTn3C0nt6e2J62hv4QpoHo0BpqnBVKXClZ5L:FpXrOM/Ha2oyd8YTn3CpP6IgQpoHo0Bk
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-