General
-
Target
61489b8f0c9db0196f6f7bef3a866e12_JaffaCakes118
-
Size
20KB
-
Sample
240721-y9j6jawakm
-
MD5
61489b8f0c9db0196f6f7bef3a866e12
-
SHA1
60c4dd496c44ceb3dfe589c97638e46a7c396f13
-
SHA256
ddd342053fc1b2a05e2e541b1a5caa33e2693e40a0a2b1c086e225f284e4a6cc
-
SHA512
5b884e500b629ab2019d10ed6552a7c080bd0595c11259148e3324ab3d342507bf9ca49b3021caa3abf2aeeceb77b6c4e4343320faaac8d931f67c95ca445b32
-
SSDEEP
384:s1qoism0AbTGmissSGZv/siacUT0gaNJawcudoD7U4WyD5ldZAeKD0:sniRGmGHZXoQnbcuyD7U2DndZAeKD
Malware Config
Extracted
gozi
Targets
-
-
Target
61489b8f0c9db0196f6f7bef3a866e12_JaffaCakes118
-
Size
20KB
-
MD5
61489b8f0c9db0196f6f7bef3a866e12
-
SHA1
60c4dd496c44ceb3dfe589c97638e46a7c396f13
-
SHA256
ddd342053fc1b2a05e2e541b1a5caa33e2693e40a0a2b1c086e225f284e4a6cc
-
SHA512
5b884e500b629ab2019d10ed6552a7c080bd0595c11259148e3324ab3d342507bf9ca49b3021caa3abf2aeeceb77b6c4e4343320faaac8d931f67c95ca445b32
-
SSDEEP
384:s1qoism0AbTGmissSGZv/siacUT0gaNJawcudoD7U4WyD5ldZAeKD0:sniRGmGHZXoQnbcuyD7U2DndZAeKD
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-