General

  • Target

    unpacked_gozi_sample.exe.dll

  • Size

    52KB

  • MD5

    5e3679f687797e3bdf5534b64a5219ad

  • SHA1

    e2b6875ed9b55f75db73dfb0cc55477ab9bd0345

  • SHA256

    646ab5eb6224824f04f4b78b80f47e2b7251c8ad9af55d806f7a016403f2fa45

  • SHA512

    b7041fd2ae3b79d492d2a5b45fc50d9d358cf7f43a16f359416e4a33c9cae656e13dfd800a51d83426610cfe8d0fbbcecd5d55bd4f878f49b900a12892a97bb0

  • SSDEEP

    1536:3+Jqy7X7/0YOq6bTdtGpRJc5dMbD1Gcq:gqy3V6bTdIgdMX1G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    https://config.edge.skype.com

    91.215.85.201

Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • unpacked_gozi_sample.exe.dll
    .dll windows x86

    b1e1d582732e4e48ca192109b68c23b4

