General
Target: 503a2f9558fc18c75df27af4f462f320_JaffaCakes118
Size: 482KB
Sample: 241017-cbdp7swdna
MD5: 503a2f9558fc18c75df27af4f462f320
SHA1: fa5c51762198e9e2c19e2596ad071352d535cfd3
SHA256: 86021b2bce948ca1c22d1a575001f2591e624d977f60ff2ded9b1befd83d78ff
SHA512: b7672c5276944e329bef63d9c96b635c1f45007aeaebd20d5728351712b827a643fd5f5e4459ed75f3c05ae1c5839dae0c6a51fc75d7e31166bcc37459e7212c
SSDEEP: 6144:K8/kjlZoZuvxbOa5fLxC1u90lUsLV3AkhnD+veRMMijHKCzFWvYsbnWwsQ:KVjlZGMY1u91m3AkhnueueCzuz
Static task: static1
Behavioral task: behavioral1
Sample: 503a2f9558fc18c75df27af4f462f320_JaffaCakes118.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 503a2f9558fc18c75df27af4f462f320_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
gozi
Targets
Target
503a2f9558fc18c75df27af4f462f320_JaffaCakes118
Deletes itself

Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.