General

  • Target

    1788-56-0x00000000001C0000-0x00000000001E1000-memory.dmp

  • Size

    132KB

  • MD5

    0eec81b7ea1c94f8e21aa0bc385c6bb2

  • SHA1

    b0ca91d988791af5da06f0221b38c3db442752a5

  • SHA256

    56380a45a56dfcce42e0e9069de793b32e2a98d8119b94fc454121667b02c64f

  • SHA512

    88375ffac839a17ec87b845ba68b85ba4261e3216b2f31c0a5997d9da2d036df02e144d9b974b6be5df517e1a615b98ecb256f67acbf1edf36b3df911422e181

  • SSDEEP

    768:92424r+kQ3YmGvoYyLcaT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb214:N24qkYYm66zmHG9HCx/jzTtbBxKY

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://fazz.bing.com/check

http://swebbers.com

Attributes
  • base_path

    /jerry/

  • build

    250257

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1788-56-0x00000000001C0000-0x00000000001E1000-memory.dmp
    .dll windows x86