General

  • Target: 2032-54-0x0000000000400000-0x0000000000439000-memory.dmp
  • Size: 228KB
  • MD5: 38a442040cba5afa0bb3c31017ac23cd
  • SHA1: d18580f7acaa6ef5bd4e0dde31f4f2509e004619
  • SHA256: b9edff491947953e77a9813cd584eb6f1407c4b49bc44d0506c9d478cbcc20b2
  • SHA512: c97a1a95eb2771d178c664d9a044fa798dd5bfec5248585b37c795f210e41aa9d8753744ded82f9cdd82ee73c39ced4b940eb48be1ae61f2b6d9f578f3ee8dbd
  • SSDEEP: 768:n2SOV9wBsjYm3vEcy3cUT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb2:1OV9wBAYm1eVmHG9HCx/jzTtbBxK

Score: 10/10

Malware Config

Extracted

  • Family: gozi
  • Botnet: 777777
  • C2:
    trackingg-protectioon.cdn4.mozilla.net
    176.10.111.233
    91.241.93.192
    45.155.249.200
    45.155.250.216

Attributes

  • base_path: /fonts/
  • build: 250257
  • exe_type: loader
  • extension: .bak
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 2032-54-0x0000000000400000-0x0000000000439000-memory.dmp (.dll, windows, x86)
