General
-
Target
dbb714ebcc99a7dd726baf2308227766ada87c5124e9cd87ab9a49765e67213e
-
Size
438KB
-
Sample
221127-r6zcqaeg35
-
MD5
bd146c53e189dee8c636aaf896a899a3
-
SHA1
bcdf3a2037d01843f712bf689e868a5ed4ebf1e7
-
SHA256
dbb714ebcc99a7dd726baf2308227766ada87c5124e9cd87ab9a49765e67213e
-
SHA512
2e73e03536580c4311836fc25bbb1797822f88ccf14803520df68ac69ab00d943b1e09d3329299da2d6d7ad8fa1acabcf3ca106aea24ea2ca5895d9b73593cc8
-
SSDEEP
6144:AL86dm49PN7IbBZDDraZgV7C3J1qVghOUdObhE5Ip2LZrnyGKdxW:b6dnz7sJDr8gV0gVgIbhEX0PxW
Malware Config
Extracted
gozi
Targets
-
-
Target
dbb714ebcc99a7dd726baf2308227766ada87c5124e9cd87ab9a49765e67213e
-
Size
438KB
-
MD5
bd146c53e189dee8c636aaf896a899a3
-
SHA1
bcdf3a2037d01843f712bf689e868a5ed4ebf1e7
-
SHA256
dbb714ebcc99a7dd726baf2308227766ada87c5124e9cd87ab9a49765e67213e
-
SHA512
2e73e03536580c4311836fc25bbb1797822f88ccf14803520df68ac69ab00d943b1e09d3329299da2d6d7ad8fa1acabcf3ca106aea24ea2ca5895d9b73593cc8
-
SSDEEP
6144:AL86dm49PN7IbBZDDraZgV7C3J1qVghOUdObhE5Ip2LZrnyGKdxW:b6dnz7sJDr8gV0gVgIbhEX0PxW
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-