gozi | e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-01-2023 19:00

Target

e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f.exe
Size

186KB
MD5

48e2591c09f94b3f422e46875d62bef3
SHA1

111082fb2708aa281b1cda9a4c4fece714089216
SHA256

e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f
SHA512

854d0e111e72e49620a389ae3ed4cbf903bea38bdd225b14208b02149a3197a20dc12d398a2ebbce67f47e6b021a6fc547db642b515598597810340277563eba
SSDEEP

3072:INAOhmfyCWmdsiYPk4ijZlgQcA9Xo4/0GyWRgEqUnLxqF9mEGp:TWZxk4mZlvcA91LySgE3nYZe

Score

10^/10

Family

gozi

Family

gozi

Botnet

6565

updates.microsoft.com

klounisoronws.xyz

darwikalldkkalsld.xyz

Attributes

rsa_pubkey.plain

serpent.plain

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

C:\Users\Admin\AppData\Local\Temp\e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f.exe
"C:\Users\Admin\AppData\Local\Temp\e99ab57e2060ba04bd6bbd62b3da7c671dee7f768667b298a876a62821736c1f.exe"
1⤵
PID:1392

memory/1392-54-0x00000000008DA000-0x00000000008E5000-memory.dmp

Filesize
44KB

Download
memory/1392-55-0x0000000000020000-0x000000000002C000-memory.dmp

Filesize
48KB

Download
memory/1392-56-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download
memory/1392-57-0x0000000000400000-0x0000000000828000-memory.dmp

Filesize
4.2MB

Download