General
Target: JaffaCakes118_caebd589b7b03bfa8bb0c1b5d3eb56e1a828e6cbac2617a6acafdfdb2d97a757
Size: 295KB
Sample: 241223-xjvc5sxpgp
MD5: ba76f5a17cbe64409cc3ffd634cb2c82
SHA1: 66d92b49875f73e5410bb376158d4c18d2356d89
SHA256: caebd589b7b03bfa8bb0c1b5d3eb56e1a828e6cbac2617a6acafdfdb2d97a757
SHA512: a6c8ce166381ba9191abb7a8e6f190597c18e2452b874341ede88cbe936a9e2d229aa9eacb5426da8f121f48bff0d09cb5e5c85dbd7ebd22311141039d1facf9
SSDEEP: 6144:zPv/ORJuZxjcd3kVkOsASXuZet0yyen83FFUAOtrzap:zPvKOxk0VkbASXuZet0yye8oAOta
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_caebd589b7b03bfa8bb0c1b5d3eb56e1a828e6cbac2617a6acafdfdb2d97a757.exe
Resource: win7-20240903-en
Malware Config
Extracted: gozi
4482
yahoo.com
soderunovos.website
qoderunovos.website
https://soderunovos.website
https://qoderunovos.website
base_path: /jdraw/
build: 250211
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
extension: .crw
server_id: 12
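The extracted configuration above is enough to derive network detections for this loader. The following is an added example in Python; it is not code from the sandbox report or from any Gozi tooling. The C2 hosts, base_path, extension, dga_base_url and file hashes are the values the report lists; the proxy log format and its lines are constructed for the demonstration, and the severity tiers are this editor's assumption. The example does not implement the DGA (dga_crc and dga_season parameterize it), it only flags the fetch of the word-list URL the DGA seeds from, and it treats that as weak evidence because the document is a public, legitimate file.

```python
"""Network detections derived from the extracted Gozi configuration above.

Added example, not part of the sandbox report or of any Gozi tooling.
Hosts, base_path, extension, dga_base_url and hashes are the report's values;
the proxy log lines are constructed for the demonstration.
"""
import re
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section above.
GOZI_CONFIG = {
    "c2_hosts": {"soderunovos.website", "qoderunovos.website"},
    "base_path": "/jdraw/",
    "extension": ".crw",
    "dga_base_url": "constitution.org/usdeclar.txt",
}

# File hashes copied from the "General" section above.
SAMPLE_HASHES = {
    "md5": "ba76f5a17cbe64409cc3ffd634cb2c82",
    "sha1": "66d92b49875f73e5410bb376158d4c18d2356d89",
    "sha256": "caebd589b7b03bfa8bb0c1b5d3eb56e1a828e6cbac2617a6acafdfdb2d97a757",
}

# Constructed proxy log lines (not real traffic): "<time> <client> <method> <url>".
PROXY_LOG = """\
1734960000.123 10.0.0.5 GET https://soderunovos.website/jdraw/abc123.crw
1734960001.456 10.0.0.5 GET http://constitution.org/usdeclar.txt
1734960002.789 10.0.0.7 GET https://www.example.com/photos/IMG_0042.crw
1734960003.000 10.0.0.9 GET https://cdn.example.org/jdraw/update.crw
1734960004.000 10.0.0.5 GET https://mail.example.net/inbox
""".splitlines()

HEX_DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def malformed_hashes(hashes):
    """Names of digests that are not lowercase hex of the expected length.

    A dropped character or an upper-case digit copied from a report silently
    breaks blocklist matching, so validate before the values are deployed.
    """
    return [
        name for name, value in hashes.items()
        if len(value) != HEX_DIGEST_LEN.get(name, -1)
        or not re.fullmatch(r"[0-9a-f]+", value)
    ]


def classify_url(url, cfg=GOZI_CONFIG):
    """Return (severity, reasons) for one URL against the extracted config.

    Severity tiers (assumed for this example):
      high   - host is one of the extracted C2 domains
      medium - path uses the configured base_path AND extension together
      low    - fetch of the DGA word-list URL: a public document, so only
               corroborating evidence on its own
      none   - base_path or extension alone (.crw is also a camera raw format)
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    reasons = []
    if host in cfg["c2_hosts"]:
        reasons.append("C2 host " + host)
    if path.startswith(cfg["base_path"]) and path.endswith(cfg["extension"]):
        reasons.append("base_path+extension " + cfg["base_path"] + "*" + cfg["extension"])
    dga_host, dga_path = cfg["dga_base_url"].split("/", 1)
    if host == dga_host and path == "/" + dga_path:
        reasons.append("DGA word-list fetch")

    if any(r.startswith("C2 host") for r in reasons):
        severity = "high"
    elif any(r.startswith("base_path") for r in reasons):
        severity = "medium"
    elif reasons:
        severity = "low"
    else:
        severity = "none"
    return severity, reasons


LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")


def scan_proxy_log(lines, cfg=GOZI_CONFIG):
    """Return (client, url, severity, reasons) for every line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # unparseable line: skip rather than crash the scan
            continue
        severity, reasons = classify_url(m["url"], cfg)
        if severity != "none":
            hits.append((m["client"], m["url"], severity, reasons))
    return hits


if __name__ == "__main__":
    assert not malformed_hashes(SAMPLE_HASHES)
    for client, url, severity, reasons in scan_proxy_log(PROXY_LOG):
        print(f"{severity:6} {client:10} {url}  [{'; '.join(reasons)}]")
```

Run against the constructed log, the scan reports the C2 request from 10.0.0.5 as high, the /jdraw/*.crw request to an unrelated host as medium, and the word-list fetch as low; the lone .crw download under /photos/ is not reported. Requiring base_path and extension together is deliberate: either alone would fire on ordinary traffic.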
Targets
Target: JaffaCakes118_caebd589b7b03bfa8bb0c1b5d3eb56e1a828e6cbac2617a6acafdfdb2d97a757
Gozi family