gozi | 09bc2a1aefbafd3e7577bc3c352c82ad[.]bin

General

Target

09bc2a1aefbafd3e7577bc3c352c82ad.bin
Size

55KB
MD5

09bc2a1aefbafd3e7577bc3c352c82ad
SHA1

eb7b0b4ce98998aa78f453e14ee1bde3319c6834
SHA256

6039fcf4b3d79f847f7b545ae0d7767a4d58e12721b049b04ade6550eef549b9
SHA512

234f10dc86467bfea7e12fcc54bde556d972ec83852f9e43e6be05e2dc1ea213b26e4f20277a3cfdaefd9970958cef70191df9f2971bf6e186a9a4cabbcd2bde
SSDEEP

1536:ogWi5BVVWsfV/hAq/ctyaAkFc+evm4VtMQtCP:jWqBVVJfVJaytAJCtS

Score

10^/10

ldr4 202206061 gozi

Malware Config

Extracted

Family

gozi

Botnet

202206061

C2

https://gigimas.xyz

https://reaso.xyz

Attributes

host_keep_time
60
host_shift_time
60
idle_time
20
request_time
10

aes.plain

Signatures

Gozi family
gozi

Files

09bc2a1aefbafd3e7577bc3c352c82ad.bin
.dll regsvr32 windows x86

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_allmul
memset
RtlUnwind
wcstombs
strchr
sprintf
memcmp
RtlInitUnicodeString
RtlNtStatusToDosError
RtlOemStringToUnicodeString
_snprintf
memcpy
mbstowcs
_aulldiv
NtQueryVirtualMemory

kernel32

HeapDestroy
HeapCreate
SleepEx
GetTempPathW
CreateFileW
GetFileSize
GetTempFileNameW
LoadLibraryA
SetLastError
lstrlenA
CreateProcessW
HeapFree
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
LeaveCriticalSection
WaitForSingleObject
TerminateProcess
lstrlenW
GetLastError
EnterCriticalSection
WaitForMultipleObjects
lstrcmpiW
GetModuleHandleA
GetCurrentThreadId
CloseHandle
DeleteFileW
GetSystemTime
lstrcpyA
PeekNamedPipe
WriteFile
CreateEventA
ReadFile
ResetEvent
CreatePipe
ResumeThread
lstrcpynA
InterlockedExchange
CreateMutexA
DeleteCriticalSection
ReleaseMutex
SwitchToThread
HeapAlloc
GetExitCodeProcess
FreeLibrary
WideCharToMultiByte
lstrcatA

shlwapi

StrChrW
UrlEscapeA
wnsprintfW

advapi32

RegCloseKey
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW

ole32

CreateStreamOnHGlobal

Exports

Exports

DllRegisterServer

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dbf9d6891df624562fb00e6915c2c677

Headers

File Characteristics

Imports

ntdll

kernel32

shlwapi

advapi32

ole32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.bss Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.bss
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB