General
-
Target
b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118
-
Size
568KB
-
Sample
241129-lwrbgaypds
-
MD5
b072bd53f96eb7f9564c7a4414f50f0b
-
SHA1
c641ee060897c28bf460ee43627f0f7e38131650
-
SHA256
28147931a38bf0944c206d5e3fc52f75cff81f588b0f8d95dab1b8f37bdd6a1a
-
SHA512
7b78d79de0a5732e426c2fb482d88aedaa7bcf4c1955166f1df8cbb336cb668afffb3f10302f619a3f7ae035e9841dffbd0a8f73cdfd04399a51e3e5e1bd3850
-
SSDEEP
12288:GfIK0Xnn2SAXZUgKPLWg4+cLeWNTOg2d1yrvF:i4XnnzAX+zPqzLL3l2jyr
Static task
static1
Behavioral task
behavioral1
Sample
b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118.dll
Resource
win7-20241010-en
Malware Config
Extracted
gozi
Extracted
gozi
8877
outlook.com
boyuleruner.online
coyuleruner.online
-
base_path
/tragli/
-
build
250207
-
dga_season
10
-
exe_type
loader
-
extension
.brw
-
server_id
12
Targets
-
-
Target
b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118
-
Gozi family
-