Behavioral task
behavioral1
Sample
3100-135-0x00000000021E0000-0x00000000021ED000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3100-135-0x00000000021E0000-0x00000000021ED000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
3100-135-0x00000000021E0000-0x00000000021ED000-memory.dmp
-
Size
52KB
-
MD5
933e139e2413c29e3eab9c4364f9dd9f
-
SHA1
d434e993f45e45638ceb6d268c11ddb060c41904
-
SHA256
3ebc9758d14cac0bd35277ca275c078eba9222784270b19f10da269295ab192c
-
SHA512
c990947aaa30dc15076fd799fd1c05eba51c023c0a0935233f764bf9199f871dc91bdf281423681eb3824435543e97b6836bf74aa29c5063863f0581cc322700
-
SSDEEP
768:5EQAH8qFrgc+QxmjW/I4WIQR7GHzx2WZ23KNech/+Qiqpi6dMhhK3D1Gc:mBcq5+W/ILFRId2Wdhtiq86dMeD1Gc
Malware Config
Extracted
gozi
7711
checklist.skype.com
62.173.138.6
89.117.37.146
46.8.210.82
89.116.227.15
31.41.44.51
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
Files
-
3100-135-0x00000000021E0000-0x00000000021ED000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ