gozi_ifsb | f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde | Triage

Submit
Reports

Overview

overview

Static

static

f198eb8231...de.dll

windows7_x64

3

f198eb8231...de.dll

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

General

Target

f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
Size

64KB
MD5

f1bcffc87555b6bb90a44d4707ba1fdd
SHA1

251db636e551e8bb274fc1bb4c2494ab57df3853
SHA256

f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
SHA512

d0bf61a32bfccf9e332bd1c63e885eeab4d3b4f1c93dddcddcd353c6563b22a4407a5ab62e92087baacc0788fd739ef511d3a805bbca61261105ecb6051ded29
SSDEEP

768:mWrMERQc1Lsf6DkBodUqeXAarJXh/mRtbH+Yl10KCV3kMeAUNcYFpaxH2:mWAcQc1HDiqlalXVmREY3QVAAUNcMmW

Score

10^/10

3300 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3300

C2

api10.laptok.at/api1

golang.feel500.at/api1

go.in100k.at/api1

Attributes

build
250171
dga_base_url
constitution.org/usdeclar.txt
dga_crc
0x4eb7d2ca
dga_season
10
dga_tlds
com
ru
org
exe_type
loader
server_id
730

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
.dll windows x86

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy