gozi | 1376-58-0x00000000001D0000-0x00000000001E3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1376-58-0x00000000001D0000-0x00000000001E3000-memory.dmp
Size

76KB
MD5

bad14cdf54f7292775dee44b0e8219e1
SHA1

2407bb3a65aa8c26d7d898fe902778478a0d15ff
SHA256

55690a89567721f1dbc7170a9c3e4391960af15b78cd7e67d955edb6e3237484
SHA512

5ad22d6cf9411f22db5dff6f19869934d04ab31a4277b2c2cafb073d022aec1b8370b6f2120a8cf0429cfb033b2b6e2f215020675cea4dae2e3b56f0300a4319
SSDEEP

1536:ByFML+2YIf5YdDn/qGU1jDiqD//////////////////////////////////////S:BYM5n5eqGU13z

Score

10^/10

ldr4 1000 gozi

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://vertalis.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1376-58-0x00000000001D0000-0x00000000001E3000-memory.dmp

Files

1376-58-0x00000000001D0000-0x00000000001E3000-memory.dmp
.dll windows x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 38KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 9KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ