General

  • Target

    42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_x64

  • Size

    213KB

  • MD5

    513789aa7df7e5e4946db3abebae67d9

  • SHA1

    e3c5dafdd760ce784db60f4246f6fa03f6d658d2

  • SHA256

    2d9b9de594b0e492d22258446ddf99e3962cfd5024345702aa3070a5d77e4c60

  • SHA512

    f471bbe3e0d7a33f28e868c563ccb526713a514c7b8afbc38817c8a7b5bda16cb7ea2303cbbf5eb72902c64ff3344eae632bc098185c99877102909f24866e95

  • SSDEEP

    3072:HUaaULsZBelnhgJjGCL0pYQjI383dyUtq2sbtlroFeq+io3iIDPCiZpFip:HNaULUBelhgQCL0aVedyn5po8q+iSCp

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1001

Attributes
  • build

    215840

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • exe_type

    worker

  • server_id

    93

rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANBneTLh3H2BH43VktWxOBFtPXQzJMK5
yTjg5HmRgceIVIgDWZcHz0JqAFWj/i65WuQlXoUU5yAKZCVKjhjTTv0CAwEAAQ==
-----END PUBLIC KEY-----
serpent.plain
RQ6L6966PA6D8ENU

Signatures

Files

  • 42923683022f255205e9e0269abf1d6d676b4b4dfa4afec040fb4b21c24e0676_unpacked_x64
    .dll windows x64

    e75003ca3315f20cb9f243b8f927e406

