gozi_ifsb | 23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec

Sharing

Copy URL

Twitter E-mail

General

Target

23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
Size

222KB
MD5

4cc0ab0723d94bf572c33ac7af89edba
SHA1

657f84c00323f99128856df23ea593d13addfbd5
SHA256

23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
SHA512

8fdb7055e2098fc7ae814921d7128c215bf803a0ec1beb51b4d8ce6982a14aacf405cd3d3ff206a9a9834686eea147ad5251f4adcee065cdb9b9808d76570be2
SSDEEP

6144:nUQaZVS84Q1XdY2lZXuSqm932164T8jS:npaZVS85tBZXvpF21R

Score

10^/10

8877 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

microsoft.com/blog

195.123.213.53

185.186.244.85

185.186.246.32

dsakdjehrjwekrew.website

dasdfrjnkrnfjkwerrwe.website

Attributes

base_path
/images/
dga_season
10
dns_servers
107.174.86.134

107.175.127.22
exe_type
worker
extension
.avi
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

23251d989078d7d69c6cfe6de3c9f2102d5810266fc483e11e0c71ab000000ec
.dll windows x64

902fc2df815040dcf720d3bc4f7433f7

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

ZwOpenProcess
strcpy
NtSetInformationProcess
sprintf
ZwOpenProcessToken
ZwClose
ZwQueryInformationToken
NtQuerySystemInformation
RtlNtStatusToDosError
ZwQueryInformationProcess
_wcsupr
memmove
mbstowcs
wcscpy
_snprintf
RtlFreeUnicodeString
ZwQueryKey
RtlUpcaseUnicodeString
memcpy
memset
RtlAdjustPrivilege
_snwprintf
_strupr
wcstombs
NtQueryInformationThread
RtlImageNtHeader
__C_specific_handler

kernel32

TlsAlloc
VirtualProtectEx
FileTimeToLocalFileTime
CreateFileMappingW
GetModuleFileNameA
GetModuleFileNameW
FileTimeToSystemTime
GetLocalTime
GetComputerNameW
GetComputerNameExA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTempFileNameA
CreateThread
TerminateThread
ExpandEnvironmentStringsW
FindClose
lstrlenW
GetLastError
HeapAlloc
CloseHandle
HeapFree
ResetEvent
DeleteFileW
WaitForSingleObject
ExitThread
lstrcpyA
CreateFileA
lstrlenA
lstrcatA
WriteFile
CreateDirectoryA
RemoveDirectoryA
LoadLibraryA
DeleteFileA
HeapCreate
SetEvent
HeapReAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
HeapDestroy
lstrcatW
SwitchToThread
SetWaitableTimer
OpenProcess
GetFileSize
GetCurrentThreadId
DuplicateHandle
GetTickCount
TerminateProcess
GetCurrentThread
VirtualFree
VirtualAlloc
lstrcmpA
Sleep
CopyFileW
GetWindowsDirectoryA
CreateFileW
CreateDirectoryW
EnterCriticalSection
ExitProcess
CreateEventA
GetTempPathA
GetCommandLineA
lstrcmpiW
SuspendThread
LeaveCriticalSection
ResumeThread
InitializeCriticalSection
lstrcpyW
CreateWaitableTimerA
SetLastError
lstrcmpiA
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
OpenWaitableTimerA
CreateMutexA
OpenMutexA
ReleaseMutex
UnregisterWait
VirtualProtect
TlsGetValue
RegisterWaitForSingleObject
GetVersionExA
LoadLibraryExW
TlsSetValue
OpenEventA
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetProcAddress
CreateFileMappingA
GetDriveTypeW
WideCharToMultiByte
GetLogicalDriveStringsW
GetFileAttributesA
OpenFileMappingA
GetExitCodeProcess
GetFileAttributesW
CreateProcessA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
OpenThread
Thread32Next
CreateToolhelp32Snapshot
Thread32First
QueueUserAPC
DisconnectNamedPipe
FlushFileBuffers
CallNamedPipeA
CreateNamedPipeA
GetSystemTime
WaitNamedPipeA
ReadFile
ConnectNamedPipe
GetOverlappedResult
CancelIo
SleepEx
LocalAlloc
FreeLibrary
RaiseException
SetEndOfFile
FindNextFileW
SetFilePointer
FindFirstFileW
RemoveDirectoryW
GetCurrentProcessId
GetVersion
VirtualQuery
DeleteCriticalSection

Sections

.text
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

902fc2df815040dcf720d3bc4f7433f7

Code Sign

Headers

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 178KB - Virtual size: 177KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 5KB

.bss Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 178KB - Virtual size: 177KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

.bss
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB