General
-
Target
7ea90e877f1187b11920128d6a3a1574_JaffaCakes118
-
Size
410KB
-
Sample
240528-2l6amsgf28
-
MD5
7ea90e877f1187b11920128d6a3a1574
-
SHA1
44e3dbe0b747c760c8623e3f143a7eb3bf76c972
-
SHA256
e47a25808624969f88cbafc9de3d49b3fd41b616fb28fe3a1e344341d4777671
-
SHA512
c527afc070058e4333ec819831ccfd44e4e46f3c72070074117afe51ffdf7144f544ad37d07a166be49131bb81e5eed1af6b7de2ea41ea745d2f3f0cb0cdaa47
-
SSDEEP
6144:O3lYafWLlGXxnrgsVA6WetdjDUDSNuLBRxFqD89ciXRGk8xKsR5F03SkoRHT:OeGXh/AReLnuvxUDqmVR4ikoRHT
Malware Config
Extracted
gozi
-
build
214062
Extracted
gozi
3179
pyilgdamion.city
k13zraphael.city
xyawnat.city
-
build
214062
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Targets
-
-
Target
7ea90e877f1187b11920128d6a3a1574_JaffaCakes118
-
Size
410KB
-
MD5
7ea90e877f1187b11920128d6a3a1574
-
SHA1
44e3dbe0b747c760c8623e3f143a7eb3bf76c972
-
SHA256
e47a25808624969f88cbafc9de3d49b3fd41b616fb28fe3a1e344341d4777671
-
SHA512
c527afc070058e4333ec819831ccfd44e4e46f3c72070074117afe51ffdf7144f544ad37d07a166be49131bb81e5eed1af6b7de2ea41ea745d2f3f0cb0cdaa47
-
SSDEEP
6144:O3lYafWLlGXxnrgsVA6WetdjDUDSNuLBRxFqD89ciXRGk8xKsR5F03SkoRHT:OeGXh/AReLnuvxUDqmVR4ikoRHT
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-