General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    00c5cefd7b8d986960d52fb37aad1f38

  • SHA1

    fabf6f9f6890f94725c9556b671f62816b657b35

  • SHA256

    9fe764ec2cf232b5cf3afbdac83da4846ab4a7e11e5fda936097eec79bffa72b

  • SHA512

    fc2813aa5193c9e5f9bcba29d1d3bcd7b24bf1bdfae75b18c371f3689548bdc50c7ca57fb6c3e36361083a8551a4c91789ca1f6d11b6531e3191216265cff05f

  • SSDEEP

    768:ZibfzHdW3Q0Jfb7cY4ig5sfCQygT8bf1OTNFM7gpt+AFWHuAIed:O7HdgfncFig5sfCQyXz1OTfM7AYHuA7d

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

194.76.226.15

109.230.199.114

Attributes
  • base_path

    /drew/

  • build

    250235

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Files

  • gozi.payload-disk
    .dll windows x86

    ef075d26b728b78a932306e24062e80c

