General
-
Target
M7R66548.dll
-
Size
392KB
-
Sample
230524-xlarhsec42
-
MD5
8312982dec68276f075d10db0ac1d925
-
SHA1
b16e2d37c82995bfe4c43088a7e783017f32f7fe
-
SHA256
4ae9a38d6dbddba6d706e92516fc0df4c3d6e899bb280b1a06e4c599cf8ce845
-
SHA512
dc93f98703761c7c79e59ebaa658c0c0de6d5b224904e89b3c0ea4046427f8121f7f2427840630e978443d109f527d200f278e500cecb648dd9f1837b44ad807
-
SSDEEP
6144:0dEeK8q1pXMgSpChXg7ruJZRiSE4P+R6pTHQu46JLrlTBtwtY6P97KhTEalgt6a+:lHlMlpzUx5Oi7TraJFcDlgt6a
Malware Config
Extracted
gozi
Extracted
gozi
20000
chick.bing.com
http://79.132.129.207
http://94.247.42.106
http://94.247.42.79
http://185.212.44.76
http://45.155.249.200
http://45.155.250.216
-
base_path
/zerotohero/
-
build
250257
-
exe_type
loader
-
extension
.asi
-
server_id
50
Extracted
gozi
20000
chick.bing.com
http://79.132.135.249
http://45.155.249.47
http://31.214.157.160
http://45.155.250.55
http://45.11.180.140
http://45.155.250.217
http://45.155.249.49
-
base_path
/zerotohero/
-
build
250257
-
exe_type
worker
-
extension
.asi
-
server_id
50
Targets
-
-
Target
M7R66548.dll
-
Size
392KB
-
MD5
8312982dec68276f075d10db0ac1d925
-
SHA1
b16e2d37c82995bfe4c43088a7e783017f32f7fe
-
SHA256
4ae9a38d6dbddba6d706e92516fc0df4c3d6e899bb280b1a06e4c599cf8ce845
-
SHA512
dc93f98703761c7c79e59ebaa658c0c0de6d5b224904e89b3c0ea4046427f8121f7f2427840630e978443d109f527d200f278e500cecb648dd9f1837b44ad807
-
SSDEEP
6144:0dEeK8q1pXMgSpChXg7ruJZRiSE4P+R6pTHQu46JLrlTBtwtY6P97KhTEalgt6a+:lHlMlpzUx5Oi7TraJFcDlgt6a
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-