General
Target: f01cf6a6bc47fb5232dee9b8b715abd7_JaffaCakes118
Size: 203KB
Sample: 240921-s5jrbazejf
MD5: f01cf6a6bc47fb5232dee9b8b715abd7
SHA1: 6fb3f0de381f2d1cd5aec702d297c706aca7e168
SHA256: ee1ccb20556e8d05657589f3ad0c130d6e5b1a12ad8448d8d3023d59cb2ea225
SHA512: 139c9cc5d97a652f08947acdcc9311ec4b0c8847a501d49789cb351f86a7a3e32d491729a4f07470084283a2c4a9bedd585559480d0f4753e992fc8972b273ad
SSDEEP: 3072:9kji2dQ6v4uPXDNUj4jKBonzmLXlYVRLh0epEEZqkFBc4+uTqN76o:9udp4uPZzGonqXGXh0bluBc4GZ5
Static task: static1
Behavioral task: behavioral1
Sample: f01cf6a6bc47fb5232dee9b8b715abd7_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config

Extracted
gozi
build: 215165

Extracted
gozi
3162
menehleibe.com
liemuteste.com
thulligend.com
build: 215165
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 12