General

  • Target

    26.exe

  • Size

    37KB

  • MD5

    856df3bff4296836aad8c580fd7ff89b

  • SHA1

    4bc3224e123cb07a728b30112c7e4bec5853659f

  • SHA256

    265b2bddff25ec6028a79f4b4163e6907c342fd543e81caa19bc51d1a277509a

  • SHA512

    d496206d396c3fbcb3be9bba2118481c38f21cd53f605ba1e709a51c4044e8c58baf69ae6d1e2d5012630f6de33890bcf63f2c4d9cc69ddecc8e150b0932b0a5

  • SSDEEP

    768:dtGIijUZ/yV2ppYTIG4iSEDHaFA3rIKIt907wKZ:3ZiqlppYTn/HDHX/JZ

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

5001

C2

ntp.msn.com

176.10.125.104

bing.com

176.10.118.197

Attributes
  • base_path

    /chupa/

  • build

    250235

  • exe_type

    loader

  • extension

    .upa

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 26.exe
    .exe windows x86

    a225a198dd77b77924eb15a705beb665

