General
-
Target
fdf00acac0a1a5dec872f6dac0302283_JaffaCakes118
-
Size
1.3MB
-
Sample
240420-3tvdsadc49
-
MD5
fdf00acac0a1a5dec872f6dac0302283
-
SHA1
e161063e84554baa5648ef33f715830bf165ca25
-
SHA256
3cb0fbb73d7d384ba1374957a791e1fabfe51a5e01a281ba95964e5e3721662d
-
SHA512
759460d5217af8b386bc7e40259ffd8d7ed8b7fd1373aa4ad7a13fec7fb55dca00d41025d4b4c0f944fe26b91a95f27d053318ef1ef1d082f19cef96f0fd8e03
-
SSDEEP
24576:qu6phkbhlpsf9XX+b61V/u1DwYSKMKnkdWmwWgn2wQtMBMpPJiHLY/63CWc:quShkNkF+m1V/uS7RwmwWMT6iNCp
Malware Config
Extracted
gozi
Targets
-
-
Target
fdf00acac0a1a5dec872f6dac0302283_JaffaCakes118
-
Size
1.3MB
-
MD5
fdf00acac0a1a5dec872f6dac0302283
-
SHA1
e161063e84554baa5648ef33f715830bf165ca25
-
SHA256
3cb0fbb73d7d384ba1374957a791e1fabfe51a5e01a281ba95964e5e3721662d
-
SHA512
759460d5217af8b386bc7e40259ffd8d7ed8b7fd1373aa4ad7a13fec7fb55dca00d41025d4b4c0f944fe26b91a95f27d053318ef1ef1d082f19cef96f0fd8e03
-
SSDEEP
24576:qu6phkbhlpsf9XX+b61V/u1DwYSKMKnkdWmwWgn2wQtMBMpPJiHLY/63CWc:quShkNkF+m1V/uS7RwmwWMT6iNCp
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-