General
Target: 05e33f5e53db406bfa76e2bf569b1c21b4bffec3b90d1e8059963a2214d97e3cN.exe
Size: 971KB
Sample: 241219-2m13baskas
MD5: 257a35e347e7f71dc1425ff153ec2510
SHA1: 79a6d6e5ebc2d8357d3c3e4c0ac2bee55eea5fb2
SHA256: 05e33f5e53db406bfa76e2bf569b1c21b4bffec3b90d1e8059963a2214d97e3c
SHA512: 593399bdd9ec38f3c4b5c901243241bfb33885835cfd5e5f5a67d2052b0a4c67290dde0d42a0541234164857ec75bf6b63f6e1eeab076bed0e3b3b785a8f7c61
SSDEEP: 24576:dGlkSyXOKByXVHmuUAQrFZ5J5EdG9UAGPatVWZ:oyeKByF5U9FZ5J5YatVWZ

Static task: static1
Behavioral task: behavioral1
Sample: 05e33f5e53db406bfa76e2bf569b1c21b4bffec3b90d1e8059963a2214d97e3cN.dll
Resource: win7-20240903-en

Malware Config
Extracted: gozi
1000
http://ey7kuuklgieop2pq.onion
http://shoshanna.at
http://maiamirainy.at
build: 217027
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: worker
server_id: 12
Targets
Target: 05e33f5e53db406bfa76e2bf569b1c21b4bffec3b90d1e8059963a2214d97e3cN.exe
Gozi family
Unexpected DNS network traffic destination
    Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Adds Run key to start application
Suspicious use of SetThreadContext