General
-
Target
9988aeab1bd08d8e28d7a7bcaed0c312_JaffaCakes118
-
Size
2.9MB
-
Sample
241125-gbh25sxler
-
MD5
9988aeab1bd08d8e28d7a7bcaed0c312
-
SHA1
8b2f7f23378fab1d996827deedf8d7d3ed3e7bb8
-
SHA256
5881c8471eb49b97322f3cd663efd3e188771d5c4f7545f8cd7e1395f46502d6
-
SHA512
7b1a762e18503954ffcb0dee11411be453b3436b47e465cab1088ee783fa2a289c6f3f220a49a1e389b12318468ed24b73c85da7fdfc3821ae7314ac48036625
-
SSDEEP
49152:ViNOcU1oOni0rc2/km16IdEWVPcV9IXN74NH5HUyNRcUsCVOzetdZJ:ViEcUliugm16ILVPP4HBUCczzM3
Malware Config
Extracted
gozi
Targets
-
-
Target
9988aeab1bd08d8e28d7a7bcaed0c312_JaffaCakes118
-
Size
2.9MB
-
MD5
9988aeab1bd08d8e28d7a7bcaed0c312
-
SHA1
8b2f7f23378fab1d996827deedf8d7d3ed3e7bb8
-
SHA256
5881c8471eb49b97322f3cd663efd3e188771d5c4f7545f8cd7e1395f46502d6
-
SHA512
7b1a762e18503954ffcb0dee11411be453b3436b47e465cab1088ee783fa2a289c6f3f220a49a1e389b12318468ed24b73c85da7fdfc3821ae7314ac48036625
-
SSDEEP
49152:ViNOcU1oOni0rc2/km16IdEWVPcV9IXN74NH5HUyNRcUsCVOzetdZJ:ViEcUliugm16ILVPP4HBUCczzM3
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Gozi family
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-