General
Target: 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_x64
Size: 196KB
Sample: 221027-aefb4aabd6
MD5: f677bb3ee8812c02f64b37624b6e0360
SHA1: 10919b983ad9323beb331c94a2f057eaa22107b0
SHA256: 713a22d40b69ce759e3860bbdae3ec2ad53a5256c573aace0e6b8d9be06ecf80
SHA512: 1fdae1ca1cbf4a97acaa4b995459633668d94604d1e84f33c7ed22aa0a4f9e481586659390c8def65c41f97ddda04765987810a095d4a1cd86246d7c2fcd1e54
SSDEEP: 3072:5/5JjVkzCrR73kBTWY32mUcFsE0oDeqFV8g5Du/QC2vd10nnK:5DjuzC173RY3FGoKqFN8/u0n
Behavioral task
behavioral1
Sample: 3a252ac37d78baad0a81242c0cb2bd68208c12267aa87d3cd3c5d594f1de27a5_unpacked_x64.dll
Resource: win7-20220812-en
Malware Config
Extracted
gozi_ifsb
1100
build: 214837
exe_type: worker
server_id: 110