General
-
Target
19a6785fe245b33b5b87091cc1d3a3fb_JaffaCakes118
-
Size
115KB
-
Sample
240728-vz3y4syejh
-
MD5
19a6785fe245b33b5b87091cc1d3a3fb
-
SHA1
574301573c262e1f1008fad6611ad1ab0506a2c7
-
SHA256
b958fb921a0e3bcc14962b3771f610e972526713f70bd36437b3f299fd252e52
-
SHA512
ff7608ea8242db34e257cd2568f9eeaad4c43e0643be5633a0881201141d26f5d46c23cc0f204e89a4a538818d35f193b1ad808bf80481f6751c6a5f84dcc6fe
-
SSDEEP
1536:cXq3Q48oRjL3YCcxt6vcfFVwXr4OHZehTead4wBb88FGHKXs/OPWWm2B:ca3Q48oZDcxYvcNIViasNbG7/OPWWm2
Malware Config
Extracted
gozi
7221
po3p53334.yahoo.com
web.citylimitshog.com
-
build
250154
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
Extracted
gozi
Targets
-
-
Target
19a6785fe245b33b5b87091cc1d3a3fb_JaffaCakes118
-
Size
115KB
-
MD5
19a6785fe245b33b5b87091cc1d3a3fb
-
SHA1
574301573c262e1f1008fad6611ad1ab0506a2c7
-
SHA256
b958fb921a0e3bcc14962b3771f610e972526713f70bd36437b3f299fd252e52
-
SHA512
ff7608ea8242db34e257cd2568f9eeaad4c43e0643be5633a0881201141d26f5d46c23cc0f204e89a4a538818d35f193b1ad808bf80481f6751c6a5f84dcc6fe
-
SSDEEP
1536:cXq3Q48oRjL3YCcxt6vcfFVwXr4OHZehTead4wBb88FGHKXs/OPWWm2B:ca3Q48oZDcxYvcNIViasNbG7/OPWWm2
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Drops file in System32 directory
-