General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    3a8f2a2d40f118146d8d3f2f42315739

  • SHA1

    3b4ef4c3a1a3c6d6aa0ab9006952b5bb8fa73749

  • SHA256

    ae9f0663e71d68075993bb8b1576bdc7b7497782ec34741b150c8937f00cc3f4

  • SHA512

    df85bf5f327d0bae6e061c7c6182e99170d66107066256928b4dd4b7af1fcb02fa96b4f43bbca0e97654db11d1bce2b7b468601b4190288a36efcaf013e5f27d

  • SSDEEP

    768:plYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp:plYhzJ2VQEFf/2VYuAZOzNM7uyH

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

37.120.206.71

37.120.206.84

193.106.191.163

Attributes

  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • gozi.payload-disk
    .dll windows x86

    ef075d26b728b78a932306e24062e80c
