Behavioral task
behavioral1
Sample
1796-57-0x00000000001E0000-0x000000000024F000-memory.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1796-57-0x00000000001E0000-0x000000000024F000-memory.dll
Resource
win10v2004-20220414-en
General
-
Target
1796-57-0x00000000001E0000-0x000000000024F000-memory.dmp
-
Size
444KB
-
MD5
61c266164965a67ed6b760611ffd2447
-
SHA1
38a3e10184a5ee175293f8df713fc01e7cafc777
-
SHA256
8ec0884d8586ebd34abda9cd8632e2190d107334b27bd861c965501880fcedce
-
SHA512
cec65d5f73eef5b913b44c59051cfb00499c8e036c399095e0be377c4157cc0faa3346da1d7d0bc392f85ba8a1b5838592383c798236ea9fb724174629b3eed6
-
SSDEEP
768:A2ppD0XU20VgIVvky2AZLKuFjoaHddrJ6271EPs1hSe7cBVksMPyx2:rps0VgIoA5pVddIZP6se4Hs
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
194.76.226.15
109.230.199.114
-
base_path
/drew/
-
build
250235
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi_ifsb family
Files
-
1796-57-0x00000000001E0000-0x000000000024F000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ