Behavioral task: behavioral1
  Sample: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll
  Resource: win7-en-20211208

Behavioral task: behavioral2
  Sample: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll
  Resource: win10v2004-en-20220113

General
  Target: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
  Size: 64KB
  MD5: f1bcffc87555b6bb90a44d4707ba1fdd
  SHA1: 251db636e551e8bb274fc1bb4c2494ab57df3853
  SHA256: f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde
  SHA512: d0bf61a32bfccf9e332bd1c63e885eeab4d3b4f1c93dddcddcd353c6563b22a4407a5ab62e92087baacc0788fd739ef511d3a805bbca61261105ecb6051ded29
  SSDEEP: 768:mWrMERQc1Lsf6DkBodUqeXAarJXh/mRtbH+Yl10KCV3kMeAUNcYFpaxH2:mWAcQc1HDiqlalXVmREY3QVAAUNcMmW

Malware Config
  Extracted
    gozi_ifsb
    3300
    api10.laptok.at/api1
    golang.feel500.at/api1
    go.in100k.at/api1
  build: 250171
  dga_base_url: constitution.org/usdeclar.txt
  dga_crc: 0x4eb7d2ca
  dga_season: 10
  dga_tlds: com, ru, org
  exe_type: loader
  server_id: 730

Signatures
  Gozi_ifsb family

Files
  f198eb8231003e2508ea5d935fd713f33c6dcb02fa38ae171643120337d3dcde.dll  windows x86

Code Sign
  (none)

Headers
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE

Sections
  .text   Size: 41KB  - Virtual size: 40KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 4KB   - Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 512B  - Virtual size: 756B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .bss    Size: 3KB   - Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .reloc  Size: 3KB   - Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ