General

  • Target

    1628-54-0x0000000000400000-0x0000000000439000-memory.dmp

  • Size

    228KB

  • MD5

    f903962572690fcf568a9bec53cca8fe

  • SHA1

    64ce901b67865cf77915c56b0ed45cafe03ff5d1

  • SHA256

    eca1f3b29e9e0e11b246551c1e41470fa7d4b4888d8f2a179eca9dd96fb711ff

  • SHA512

    1d7ab0ec6ef74980e3c97c11edddaecf7480d263f78dc672c08d455b69af389ecffcd569ff08cd73d48f9a718ea0b27663b0ab391f6cb71ad13d04711d449ec5

  • SSDEEP

    768:n2SOV9wBsjYm4vEcy3cUT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb2:1OV9wBAYmoeVmHG9HCx/jzTtbBxK

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    777777

  • C2

    trackingg-protectioon.cdn4.mozilla.net
    176.10.111.233
    91.241.93.192
    45.155.249.200
    45.155.250.216

Attributes
  • base_path

    /fonts/

  • build

    250257

  • exe_type

    loader

  • extension

    .bak

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

  • Gozi family

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1628-54-0x0000000000400000-0x0000000000439000-memory.dmp
    .dll windows x86
