Behavioral task
behavioral1
Sample
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dmp
-
Size
52KB
-
MD5
00fcf7ce9262fce3a3d2ab24bdc41d6e
-
SHA1
1aff681606961d624f0b9b362ec4d1fec290108f
-
SHA256
839c6f5fd1d023559d9c57cdec8a2967081256500043646c9d5140e31047b22b
-
SHA512
0f6597cd0d20b4654fcfd7fab9beb7266412a0ef50016a46da10c52540c428ff079bd7d61e1350fa4ecbb71c5f0b0483a53afe6ff69aa2a5f386013999472a83
-
SSDEEP
768:5UUQAqFLCRdx66l3a/I4SG2V+HXl6sQ6EeTiQAVOcsdMhhK3D1Gc:W1AqQDa/Iv5W16QdAVOcsdMeD1Gc
Malware Config
Extracted
gozi
7711
checklist.skype.com
62.173.138.6
89.117.37.146
46.8.210.82
89.116.227.15
31.41.44.51
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
Files
-
2824-135-0x00000000021A0000-0x00000000021AD000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ