General

  • Target

    eff0000.dll

  • Size

    215KB

  • MD5

    a2785bb54660815999ad45b244c9612f

  • SHA1

    8d0c93a9e54faf70f4f565de4108eae9e7f034a0

  • SHA256

    9045f11717ce012aa819655738febe6e9b3ed9ff154b8172a9d9abf2b267f771

  • SHA512

    294365461733b2b9279799ea4f8cec8804895f9e174767a1ff0d3c5eade271c1799e9b83018b2e999524287647abd2500a9484c49419dd282048321e7097eb1c

  • SSDEEP

    6144:SOZiNwkzdjpi5azwE2uP3qqMFTXAie5qjwN:SHwkx9cazwE2Y3q9TXtkN

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8999

C2

arfv.skype.com

185.189.151.34

31.214.157.121

fakkktyirosc.at

Attributes
  • base_path

    /chupa/

  • exe_type

    worker

  • extension

    .upa

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • eff0000.dll
    .dll windows x64

    a1ef83cc18cbaac921ccd21be4b7287d

