General

Target: Documenti.zip
Size: 325B
Sample: 231012-rezjeadc9v
MD5: f85a571e79c4826aba3805084689bc27
SHA1: c8bc385897c84b7a5ab01682967bc8b11b4f80d1
SHA256: a9ea9e40f12e969624fed4710df884076b80b97b7a29e5e830c01e9c4e46596a
SHA512: 57064a8899e41264962eefb2e463d4a64a255e812f55f77cec9a3e31f8140a06d79a4336efd43f3ff77742e8af55c94fac83ff86a9433683aa9c214b9201a2bc
Static task: static1
Behavioral task: behavioral1
Sample: Documenti.url
Resource: win7-20230831-en
Malware Config

Extracted: gozi

Extracted: gozi
  5050
  fotexion.com
  base_path: /jerry/
  build: 250260
  exe_type: loader
  extension: .bob
  server_id: 50

Extracted: gozi
  5050
  fotexion.com
  base_path: /pictures/
  build: 250260
  exe_type: worker
  extension: .bob
  server_id: 50
Targets

Target: Documenti.url
Size: 195B
MD5: 4d7d46f082ea539ffef896638e7f621e
SHA1: f1b9e5c62fe28ba60f7977bc9ff7a48124d40294
SHA256: 2d58ddd8ca73f4eff0945a3537e0a7bf888fdf7fb963ef43d8e07f5517404f69
SHA512: 9f14c82416a0861348cec391c9f87664bd0772a5bfd973c3ad0ab6bb071df5778781d2ba5dbcedfbc65d26c58c86eb9d14a8299cecd611e9dfedabbbf1fa922e

- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext