General
-
Target
3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked
-
Size
154KB
-
Sample
221027-aee2bsabdm
-
MD5
47ff8d660f5e9f9f3fe90f1e87403538
-
SHA1
07238187fe576b022a149172cb1653625c377cd2
-
SHA256
ffde622e1ebf2ded6fe1ad3e22a1ea11c3b3944eac2278277ca186facc4457bf
-
SHA512
571a5220f2757b872a63b4c42b5682fdfbc8bd391522d0d4eef611b55a5ca0c6a2253ee1075f260ad2db083722bb63d18aa02f2d6d76d4f5f604217be5aea375
-
SSDEEP
3072:FOt39ZNj9tlzA458K4cs04gZqNWFzSPeuwDqlalXn/fDXqJj0oy9oV13:ytZN9gCs0uNWFziwDqlalvDqJd
Malware Config
Extracted
gozi_ifsb
1100
cyajon.at/krp3cmg
hipohook.cn/krp3cmg
rokolero.at/krp3cmg
arexan.at/krp3cmg
voligon.cn/krp3cmg
qwevigoc.at/krp3cmg
comerail.su/krp3cmg
boombom.at/krp3cmg
xiloker.cn/krp3cmg
xorewopa.at/krp3cmg
goinumder.su/krp3cmg
ribomoon.cn/krp3cmg
ambikooly.at/krp3cmg
therepalon.su/krp3cmg
chikoole.cn/krp3cmg
-
exe_type
worker
-
server_id
110
Targets
-
-
Target
3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked
-
Size
154KB
-
MD5
47ff8d660f5e9f9f3fe90f1e87403538
-
SHA1
07238187fe576b022a149172cb1653625c377cd2
-
SHA256
ffde622e1ebf2ded6fe1ad3e22a1ea11c3b3944eac2278277ca186facc4457bf
-
SHA512
571a5220f2757b872a63b4c42b5682fdfbc8bd391522d0d4eef611b55a5ca0c6a2253ee1075f260ad2db083722bb63d18aa02f2d6d76d4f5f604217be5aea375
-
SSDEEP
3072:FOt39ZNj9tlzA458K4cs04gZqNWFzSPeuwDqlalXn/fDXqJj0oy9oV13:ytZN9gCs0uNWFziwDqlalvDqJd
Score10/10-
Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
-