General
-
Target
VirusShare_7afb45ac5810698b4f3d8bc49e5d02c9
-
Size
526KB
-
Sample
240609-gjqrysfd27
-
MD5
7afb45ac5810698b4f3d8bc49e5d02c9
-
SHA1
82ac0b36bc447b697a907067a4163f4904d8ab25
-
SHA256
336e5e72892c6ac686f60e22a98848100e6af98f52490af608e0c930afef5798
-
SHA512
d867f302850a493d0424ad18b2adb110704c7eafde5a1fbb0eef9f109d366d0758bddbece0b8a0a0d5482b5ccf39e0dadff9dc143162eb5710c8639acc88db21
-
SSDEEP
12288:Y3oGlmVDxLpA4pxc7wak9J5Q4xyhdG0++sVMJG2T7D/mxeT6xY:bVDZi4QEakn5PS+yFTXmAOxY
Malware Config
Extracted
gozi
-
build
215798
Targets
-
-
Target
VirusShare_7afb45ac5810698b4f3d8bc49e5d02c9
-
Size
526KB
-
MD5
7afb45ac5810698b4f3d8bc49e5d02c9
-
SHA1
82ac0b36bc447b697a907067a4163f4904d8ab25
-
SHA256
336e5e72892c6ac686f60e22a98848100e6af98f52490af608e0c930afef5798
-
SHA512
d867f302850a493d0424ad18b2adb110704c7eafde5a1fbb0eef9f109d366d0758bddbece0b8a0a0d5482b5ccf39e0dadff9dc143162eb5710c8639acc88db21
-
SSDEEP
12288:Y3oGlmVDxLpA4pxc7wak9J5Q4xyhdG0++sVMJG2T7D/mxeT6xY:bVDZi4QEakn5PS+yFTXmAOxY
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-