General
-
Target
JaffaCakes118_a00f9e4b1d9bf2a9efd95531b982d806fde9bbe929c81a23f717a78f3c63b45c
-
Size
713KB
-
Sample
241223-y7eg9szpgj
-
MD5
a1351cc2a0178e2fea23afe409fea37f
-
SHA1
94d2c73cd7d872b480ad8454902865c2ecf7c2a6
-
SHA256
a00f9e4b1d9bf2a9efd95531b982d806fde9bbe929c81a23f717a78f3c63b45c
-
SHA512
868ac9efc0199b8236d199aa6e0e6c77e951e398e6705310067fa1e7215ccb4d30703a370c955d4efd74208cbdb13c424948006cf34747a92f0006f718393a67
-
SSDEEP
12288:I82fN1NOYgR63Mwf8EBhXl6NTjj3m9srwKRV1CC0DdIB0QPk4k8JhucvRhSrYniM:j2fN1N2o3Mwf8SdEd9ZQdIBLMkJRS8iF
Malware Config
Extracted
gozi
Extracted
gozi
2500
app3.maintorna.com
chat.billionady.com
app5.folion.xyz
wer.defone.click
-
build
250188
-
exe_type
loader
-
server_id
580
Targets
-
-
Target
JaffaCakes118_a00f9e4b1d9bf2a9efd95531b982d806fde9bbe929c81a23f717a78f3c63b45c
-
Size
713KB
-
MD5
a1351cc2a0178e2fea23afe409fea37f
-
SHA1
94d2c73cd7d872b480ad8454902865c2ecf7c2a6
-
SHA256
a00f9e4b1d9bf2a9efd95531b982d806fde9bbe929c81a23f717a78f3c63b45c
-
SHA512
868ac9efc0199b8236d199aa6e0e6c77e951e398e6705310067fa1e7215ccb4d30703a370c955d4efd74208cbdb13c424948006cf34747a92f0006f718393a67
-
SSDEEP
12288:I82fN1NOYgR63Mwf8EBhXl6NTjj3m9srwKRV1CC0DdIB0QPk4k8JhucvRhSrYniM:j2fN1N2o3Mwf8SdEd9ZQdIBLMkJRS8iF
Score10/10-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Gozi family
-