General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    fdd1923185c7504723ecb1e0f775094e

  • SHA1

    5e6140124993173054f3dc94e914b239f9f2db0a

  • SHA256

    c43b5d3f736b3f86f0603f8f4afca144a5118c8d1a987df461378ce8cfd20036

  • SHA512

    4ce50f003e5b0f7740e90e7a9e7d451da6c9643b10b32c8898615875f6da42a7d55514d08702131012dd4e1f260bd54ca2d27523b26e949cf78f27150473c00c

  • SSDEEP

    768:j0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1Gcq:j9sq8S/QEYXQIVWlvmYp6ewNu7hD1Gcq

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.201

Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • gozi.payload-disk
    .dll windows x86

    ef075d26b728b78a932306e24062e80c

