Behavioral task
behavioral1
Sample
1660-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
1660-57-0x0000000010000000-0x000000001000E000-memory.dll
Resource
win10v2004-20220721-en
General
-
Target
1660-57-0x0000000010000000-0x000000001000E000-memory.dmp
-
Size
56KB
-
MD5
0fa97ef07f6aaee8156e4adc2d7b2fbf
-
SHA1
e3e7ad0fecd8bf8d89bc5076edf4f64d889d4a6c
-
SHA256
c6dc63cef61f9af4d1f553422632823d1004796b366320eb38d2ad1c470e190c
-
SHA512
c375326be9829380e0c6ea56105377639d0f07bab64c3d118a11653802b0532dcf46596d3f1147d0b62d2ea151ab5379f88b4e4e77f250afffb5f603e66ad785
-
SSDEEP
768:A2PrU7eukUXM7dPVvWTyTdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38u5:laeuZM7dsTqdeD8B56w39HE384h38K
Malware Config
Extracted
gozi_ifsb
3000
config.edge.skype.com
37.120.206.71
37.120.206.84
193.106.191.163
-
base_path
/drew/
-
build
250240
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi_ifsb family
Files
-
1660-57-0x0000000010000000-0x000000001000E000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ