Behavioral task
behavioral1
Sample
608-56-0x0000000000240000-0x000000000024D000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
608-56-0x0000000000240000-0x000000000024D000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
608-56-0x0000000000240000-0x000000000024D000-memory.dmp
-
Size
52KB
-
MD5
8f586ddaac774a9c30742c81e425cc6d
-
SHA1
21e8edef0cc4d4442d060735f20c399109cb4d9a
-
SHA256
9e96757115ed0eda8d908fc357f818297ccb196bab4f3bc24c6bd64a05eb5d65
-
SHA512
5dc57077abfa4027a52d6a4595edd8b7dce65111b1fbf9e2e6b0dc857d10b311bddda03310a0ec97d34eddd648d26be48016ea21744d17e54ced2cea1fe7e55d
-
SSDEEP
768:8owYqFvXp4GGXm/44OTBz5qHf9qR2s6L/qgz6TWNPa5dM+6hK3D1GcQh:85YqEm/4nTBaFq0LhuCNC5dMaD1GcQ
Malware Config
Extracted
gozi
7715
checklist.skype.com
62.173.142.81
193.233.175.113
109.248.11.184
212.109.218.26
185.68.93.7
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Signatures
-
Gozi family
Files
-
608-56-0x0000000000240000-0x000000000024D000-memory.dmp.dll windows x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ