gozi_ifsb | e820efb91acb26da9d63723b701387b1e46dc0916800b0eb2b6aa697d5ee2eff

General

Target

e820efb91acb26da9d63723b701387b1e46dc0916800b0eb2b6aa697d5ee2eff
Size

114KB
MD5

64030e5b8541e2f391b3e4bdafe6fde2
SHA1

f24e4df0107464c28b62352491ee09afab09900c
SHA256

e820efb91acb26da9d63723b701387b1e46dc0916800b0eb2b6aa697d5ee2eff
SHA512

377f8727cdb4c8804dbfc99fed4862927176417b828d70de9aa5ed140d199f39b8bbf6a7221c11cfdd6c5eae153b705ee8cb31d2129885c46b8b602d52ceda53
SSDEEP

768:N67l5y38M8vWFElgl9Jjeo1L0BM93+MTj5H2oATDBinjAqwODpOPCz0qyy:MxU351eo1woLPAJUjAa0Pmy

Score

10^/10

8877 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8877

C2

outlook.com/login

gmail.com

dorelunonu.us

morelunonu.us

Attributes

base_path
/greed/
build
250195
dga_season
10
exe_type
loader
extension
.gfk
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

e820efb91acb26da9d63723b701387b1e46dc0916800b0eb2b6aa697d5ee2eff
.dll regsvr32 windows x86

6e9163c62b29a1ccabed40ce8621a95a

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapFree
Sleep
ExitThread
CloseHandle
GetLastError
GetExitCodeThread
GetSystemTime
SwitchToThread
SetThreadAffinityMask
SetThreadPriority
HeapCreate
HeapDestroy
GetCurrentThread
SleepEx
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
lstrlenW
VirtualProtect
GetModuleFileNameW
SetLastError
GetModuleHandleA
OpenProcess
CreateEventA
GetLongPathNameW
GetVersion
GetCurrentProcessId
TerminateThread
QueueUserAPC
CreateThread
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
MapViewOfFile
GetSystemTimeAsFileTime
CreateFileMappingW

ntdll

_snwprintf
memset
memcpy
_aulldiv
RtlUnwind
NtQueryVirtualMemory

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

6e9163c62b29a1ccabed40ce8621a95a

Code Sign

Headers

File Characteristics

Imports

kernel32

ntdll

advapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 476B

.bss Size: 1024B - Virtual size: 732B

.reloc Size: 33KB - Virtual size: 36KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 476B

.bss
Size: 1024B - Virtual size: 732B

.reloc
Size: 33KB - Virtual size: 36KB