General
-
Target
file.dll
-
Size
362KB
-
Sample
230601-wdd9asff36
-
MD5
3969d9062eb2daef1872aaf898636f08
-
SHA1
7922117847dcda90de4d8fbaaa5613076b959115
-
SHA256
7ce0babea43a0eca93ed5458b77df1cd695f672e8dd784d8ff0af777b66e7865
-
SHA512
c88f6d7f3cea5dbc8341ad4a7f6c6fc197a6b9f30b807a2eb61ab9cf33d3f607f4ddd04e91eb461edf9842062319f60bbdf6d9f964f3fc20748c748734437bf4
-
SSDEEP
3072:QmNJTdnsnRNulFiOxyioF2XfSGXbR4cFekbhO6r253I0rSis6bGCKLb1TASh8mU+:2MtTX3hdrCk6bGRL5TASh8mUUJaM
Malware Config
Extracted
gozi
Extracted
gozi
20000
chick.bing.com
http://79.132.129.207
http://94.247.42.106
http://94.247.42.79
http://185.212.44.76
http://45.155.249.200
http://45.155.250.216
-
base_path
/zerotohero/
-
build
250257
-
exe_type
loader
-
extension
.asi
-
server_id
50
Extracted
gozi
20000
chick.bing.com
http://79.132.135.249
http://45.155.249.47
http://31.214.157.160
http://45.155.250.55
http://45.11.180.140
http://45.155.250.217
http://45.155.249.49
-
base_path
/zerotohero/
-
build
250257
-
exe_type
worker
-
extension
.asi
-
server_id
50
Targets
-
-
Target
file.dll
-
Size
362KB
-
MD5
3969d9062eb2daef1872aaf898636f08
-
SHA1
7922117847dcda90de4d8fbaaa5613076b959115
-
SHA256
7ce0babea43a0eca93ed5458b77df1cd695f672e8dd784d8ff0af777b66e7865
-
SHA512
c88f6d7f3cea5dbc8341ad4a7f6c6fc197a6b9f30b807a2eb61ab9cf33d3f607f4ddd04e91eb461edf9842062319f60bbdf6d9f964f3fc20748c748734437bf4
-
SSDEEP
3072:QmNJTdnsnRNulFiOxyioF2XfSGXbR4cFekbhO6r253I0rSis6bGCKLb1TASh8mU+:2MtTX3hdrCk6bGRL5TASh8mUUJaM
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-