General
-
Target
0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872
-
Size
266KB
-
Sample
240515-v7ftjsbg4x
-
MD5
c35fcc4a0cd15b508cd025933e458f7f
-
SHA1
d164a1410a00f5957f22279ba5e7fdd7a2d59b36
-
SHA256
0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872
-
SHA512
f380199ed1a0b1315206be2f9ddf7509db63b1b50d9ef596872a230aec0f469a7e439e419309def785c34e090f759ae87927402f6f15f281882ba0531d4082ed
-
SSDEEP
6144:PXzKdNY49u8rVMrWExifVEoSErr01net:Qa4ABr7+Vz01
Malware Config
Extracted
gozi
Targets
-
-
Target
0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872
-
Size
266KB
-
MD5
c35fcc4a0cd15b508cd025933e458f7f
-
SHA1
d164a1410a00f5957f22279ba5e7fdd7a2d59b36
-
SHA256
0b982d12a29302d260d7f409c896b0bef58229370813afea2d51c5687b1db872
-
SHA512
f380199ed1a0b1315206be2f9ddf7509db63b1b50d9ef596872a230aec0f469a7e439e419309def785c34e090f759ae87927402f6f15f281882ba0531d4082ed
-
SSDEEP
6144:PXzKdNY49u8rVMrWExifVEoSErr01net:Qa4ABr7+Vz01
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-