General

  • Target

    20230308_unpacked_gozi.bin.dll

  • Size

    43KB

  • MD5

    e12d09d7f5bc156c651ad31508626593

  • SHA1

    afdbc23b99f31640b473772dc1db24ffc9ed61a9

  • SHA256

    5bd64a7b018db5b4538d8077ad7a50871dc6c5682a1f151cc5e8a42673e4384f

  • SHA512

    2c60802a1c448e3cbbaee2a99744abbbc008ac8ba369beb1c0728629b93f78e587dea542b1c1556f0be203863fdcb3abe0094b0cc08ccf4c4324ff43914ace00

  • SSDEEP

    768:5c0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gc:+9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gc

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Files

  • 20230308_unpacked_gozi.bin.dll
    .dll windows x86

    ef075d26b728b78a932306e24062e80c

