General

  • Target

    eff0000.dll

  • Size

    215KB

  • MD5

    c87afd11901dde9795e4bca3c1cf4e9e

  • SHA1

    e1bbb27a70afb2104ecd044e0ef28c33f8d27fb7

  • SHA256

    f55c5df5ea3da2be4bbf6cb1ebfd177e86b453970a9c3ca1f9bb4be83896f63f

  • SHA512

    405ae974ce4eecf6a2d4efc47ad1c7356eb3777d31160e083e489650dfeaa19b0babde14213f551156fad6f04679a5dbc07b1bb9697dc026495a12b60be984a8

  • SSDEEP

    6144:SOZiNwkzdjpi5azwE2uP3qqMFTXAie5zjwN:SHwkx9cazwE2Y3q9TXtbN

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

8999

C2

arfv.skype.com

185.189.151.34

31.214.157.121

fakkktyirosc.at

Attributes
  • base_path

    /chupa/

  • exe_type

    worker

  • extension

    .upa

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • eff0000.dll
    .dll windows x64

    a1ef83cc18cbaac921ccd21be4b7287d

