gozi_ifsb | 9b0000[.]dll | Triage

Submit
Reports

Overview

overview

Static

static

9b0000.dll

windows7-x64

1

9b0000.dll

windows10-2004-x64

1

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9b0000.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b0000.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

General

Target

9b0000.dll
Size

43KB
MD5

20ebc4efde4da88e146c8e4246f42a5d
SHA1

9dc0793afe5d962bd73be2954dbbe000386f96c6
SHA256

7fb112c3da88d1cec6b56d4503337efc9a55210736c25f6e5a59811ad5846f9b
SHA512

c6a80277fd5d90fb32915a3e4d8fc3cdee1f931fd7c32d59b301acaa3db872adc0615222629925245d1501fa331a05d260a929f3e8f7b1766861d768e67fb1a2
SSDEEP

768:6TmE+L5AkTXKMaqD4leJiArJBFkK527nhoZ3eGiLU8MZXFlkq9k7:6TmE+L5AkTixchBOKinCZ3eGMU8MZTRe

Score

10^/10

3000 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

interstarts.top

superlist.top

internetcoca.in

Attributes

base_path
/drew/
build
250246
exe_type
loader
extension
.jlk
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

9b0000.dll
.dll windows x86

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy