General
Target: 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64
Size: 186KB
Sample: 221027-aedhhaabc9
MD5: b66655073329e82bc7c70dfc3b8d9072
SHA1: 7de7bbff2ae7b9e6bfe65546c40ad675a03dd36b
SHA256: 642c7b965505ad416589c0ae31ad737b198517e065eb8d9f65073cbcbe40a130
SHA512: d59ccf7106c9c2d73388cf479ed44572c16c128b249783153da5ad9b7446c4bef6d8cb558293a7891443f73e71a169bb385a6ce2a65e216cca8ca94e24ec87ec
SSDEEP: 3072:+IrsCMRP7NViyWcrdfcP5hmhLGbHz2k/xetTogGyzTiAh3/aOJVlkJ:+IrN+JViy3dfcuLGbaptTogGutaOFkJ
Behavioral task
behavioral1
Sample: 2e563953d95288b1e36d9b7a556cb71d907510e40df243ec8b9c8ec1903edb13_unpacked_x64.dll
Resource: win7-20220812-en
Malware Config
Extracted
gozi_ifsb
1010
supportsstats.com/geodata/version/ip2ext
neteworkgroup.com/geodata/version/ip2ext
highnetwork.pw/geodata/version/ip2ext
lostnetwork.in/geodata/version/ip2ext
sysconnections.net/geodata/version/ip2ext
lansupports.com/geodata/version/ip2ext
exe_type: worker
server_id: 30