Behavioral task
behavioral1
Sample
1824-56-0x0000000000400000-0x0000000000462000-memory.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
1824-56-0x0000000000400000-0x0000000000462000-memory.exe
Resource
win10v2004-20220721-en
General
-
Target
1824-56-0x0000000000400000-0x0000000000462000-memory.dmp
-
Size
392KB
-
MD5
307a57c4a6b658fc2cbaa7157af775f4
-
SHA1
7ba843169402d4672e697e7552288d541715a50a
-
SHA256
688a28ef8c7fbdc64e8d020882b64873016fbbbbf63fc3569e1d3b5b80731028
-
SHA512
ca9fb7c8167c6e482726853952478a380147d1615b0a4212a0c7ea807480168358b115e2da9f7dc282130b8aabaf91dd134d4e5b9a1462c210c60f5f3bbaa644
-
SSDEEP
6144:XfIbSKQGiTK6AOQXMwYIK3IV7l0doNn2ay964atVFtr57:PkSKATXHQX9YIK3y6d8n7y9+75
Malware Config
Extracted
gozi_ifsb
11111
trackingg-protectioon.cdn1.mozilla.net
194.76.225.168
194.76.224.242
-
base_path
/fonts/
-
build
250240
-
exe_type
loader
-
extension
.bak
-
server_id
50
Signatures
-
Gozi_ifsb family
Files
-
1824-56-0x0000000000400000-0x0000000000462000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 404B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ