General
-
Target
a43be7341e3d13810d20b9e64e329c83
-
Size
6.4MB
-
Sample
240225-ttd75aff38
-
MD5
a43be7341e3d13810d20b9e64e329c83
-
SHA1
ad582a30ba365885be34fe503c744088d08b4baa
-
SHA256
e2c83783d6ab57ac91d99bfb9d607d0b5537e305661406bbf2347c3af92d3464
-
SHA512
cf79fcf60158a33adb39351b4626e8012e737acf4633b882c75240b21480ac1cc91e811c8b351f6e499b689d15b87054cc185c5d54e8e0d628b8b13bfc3bd877
-
SSDEEP
98304:oSilBhaEFMX+MEGi6OEJ0ehjDhGSib2RDWBXW4Gd72eg7GpAadkBlsr1SFF0:KhaIRMEXehxitdogqtqBq9
Malware Config
Extracted
gozi
1001
update1.avast.com
zilbon.ws
update2.avira.com
lumpet.co
emerald.ws
ferroun.in
-
base_path
/sreamble/
-
build
250207
-
dga_season
10
-
exe_type
loader
-
extension
.sre
-
server_id
12
Extracted
gozi
Targets
-
-
Target
a43be7341e3d13810d20b9e64e329c83
-
Size
6.4MB
-
MD5
a43be7341e3d13810d20b9e64e329c83
-
SHA1
ad582a30ba365885be34fe503c744088d08b4baa
-
SHA256
e2c83783d6ab57ac91d99bfb9d607d0b5537e305661406bbf2347c3af92d3464
-
SHA512
cf79fcf60158a33adb39351b4626e8012e737acf4633b882c75240b21480ac1cc91e811c8b351f6e499b689d15b87054cc185c5d54e8e0d628b8b13bfc3bd877
-
SSDEEP
98304:oSilBhaEFMX+MEGi6OEJ0ehjDhGSib2RDWBXW4Gd72eg7GpAadkBlsr1SFF0:KhaIRMEXehxitdogqtqBq9
Score10/10-
Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
-
Babadeda Crypter
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-