General
-
Target
39291f03b3f4b0230fb3920f36e6d260a8f0f498c1fb597a426981cfb0fa0857
-
Size
1.1MB
-
Sample
230129-zyt22aed3t
-
MD5
eca15499ba78aa5aaf8d3ad2311ec097
-
SHA1
d30a04f76ad83f643342238411e5aebaef0b3442
-
SHA256
39291f03b3f4b0230fb3920f36e6d260a8f0f498c1fb597a426981cfb0fa0857
-
SHA512
2f34444ea9504a26bbba3748723737766f51cb83d94df375b15e423492424d50f4cc5b80ad8524f023e38cd5de6faf42b47b4f4b21de0386bc7154ccd21807bf
-
SSDEEP
24576:i30ixqmP/+GZgTXrHJB+pffKUmHaRLNW0wfpKncbBWZtxjB/s69vTGxUcbrJOBPO:i30ixj/aTXrH7+pHKUmHeLNW0wBKnc4s
Malware Config
Extracted
gozi
Extracted
gozi
1000
http://ey7kuuklgieop2pq.onion
http://drunt.at
http://news-deck.at
http://taslks.at
-
build
217107
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
worker
-
server_id
12
Targets
-
-
Target
39291f03b3f4b0230fb3920f36e6d260a8f0f498c1fb597a426981cfb0fa0857
-
Size
1.1MB
-
MD5
eca15499ba78aa5aaf8d3ad2311ec097
-
SHA1
d30a04f76ad83f643342238411e5aebaef0b3442
-
SHA256
39291f03b3f4b0230fb3920f36e6d260a8f0f498c1fb597a426981cfb0fa0857
-
SHA512
2f34444ea9504a26bbba3748723737766f51cb83d94df375b15e423492424d50f4cc5b80ad8524f023e38cd5de6faf42b47b4f4b21de0386bc7154ccd21807bf
-
SSDEEP
24576:i30ixqmP/+GZgTXrHJB+pffKUmHaRLNW0wfpKncbBWZtxjB/s69vTGxUcbrJOBPO:i30ixj/aTXrH7+pHKUmHeLNW0wBKnc4s
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-