General
-
Target
32b415619fa55b18681cf71becec927a8d51e47e9005699808a8dfee0f1e85eb
-
Size
519KB
-
Sample
221125-dkngfabc4s
-
MD5
bb58a8b53de601ea988fd59a3936269c
-
SHA1
d5dd36f0c049674d4e9543e4029d0b5c93190635
-
SHA256
32b415619fa55b18681cf71becec927a8d51e47e9005699808a8dfee0f1e85eb
-
SHA512
eca79e2bd5c95de2d4ffeb338dd4ed3e8282155aa39236e401fc10c047a53f3448a0abeb660bfa16a3422c3a7d5d01a3cfe3afabc720b8a1d300ab262065a6a6
-
SSDEEP
12288:hq054W6lCMdPpHYk6qHeitmW0sTl0c8DdxLPbV:AG6hnHL6ngjbvyTV
Malware Config
Extracted
gozi
Targets
-
-
Target
32b415619fa55b18681cf71becec927a8d51e47e9005699808a8dfee0f1e85eb
-
Size
519KB
-
MD5
bb58a8b53de601ea988fd59a3936269c
-
SHA1
d5dd36f0c049674d4e9543e4029d0b5c93190635
-
SHA256
32b415619fa55b18681cf71becec927a8d51e47e9005699808a8dfee0f1e85eb
-
SHA512
eca79e2bd5c95de2d4ffeb338dd4ed3e8282155aa39236e401fc10c047a53f3448a0abeb660bfa16a3422c3a7d5d01a3cfe3afabc720b8a1d300ab262065a6a6
-
SSDEEP
12288:hq054W6lCMdPpHYk6qHeitmW0sTl0c8DdxLPbV:AG6hnHL6ngjbvyTV
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-