Behavioral task
behavioral1
Sample
1408-57-0x00000000001C0000-0x000000000022E000-memory.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
1408-57-0x00000000001C0000-0x000000000022E000-memory.dll
Resource
win10v2004-20220414-en
General
-
Target
1408-57-0x00000000001C0000-0x000000000022E000-memory.dmp
-
Size
440KB
-
MD5
9353b8464534a077e1023295e22276dc
-
SHA1
ee5fd74d331fb5faffb4ac54bb031c683eff2f3c
-
SHA256
c8ffba454a1a71f8b5635cd387ab53ed6ecab7102665581a0839403dca0f7bda
-
SHA512
864296da41118aa9508c5a7ccfd98242d714b188df96a32d40877c85e9f04b71bbe28438be3bc6913404da8858968927d01b06c88ef0a4ffa01292c556c96f26
-
SSDEEP
1536:Z/NKMeZt8rNq4ni5Gu8KN5Jhto+AMHHboIJpCRkX:Z/NKMEt8rNqJ5B9htnp0
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
79.110.52.164
79.110.52.97
-
base_path
/drew/
-
build
250239
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi_ifsb family
Files
-
1408-57-0x00000000001C0000-0x000000000022E000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ