gozi | 844-55-0x00000000002A0000-0x0000000000304000-memory[.]dmp

General

Target

844-55-0x00000000002A0000-0x0000000000304000-memory.dmp
Size

400KB
MD5

a26257e0df72f0476c4856435946bd21
SHA1

c5f9ebcbe5855db78f0308462a728b9c3dfe223a
SHA256

fddb618d80bf33bac36154c90c112bfb74a38cba12ac2582e6a5e5307fe9a115
SHA512

77b0685f1cd079a8af8665e88e64dec49baa1ec65f72706c2beb12de355749b8da3add91e651e33ec6c48c591734836b3eb77daab34365f84cd60f036aed4ee8
SSDEEP

768:C2O+MU2uhYm3DvqmyjcUT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb2/1:y+MU24Ym3hmVmHG9HCx/jzTtbBxK8

Score

10^/10

isfb 999665 gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

999665

C2

chick.bing.com

http://176.10.111.72

http://94.247.42.106

http://94.247.42.79

http://185.212.44.76

http://45.155.249.200

http://45.155.250.216

Attributes

base_path
/zerotohero/
build
250257
exe_type
loader
extension
.asi
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
844-55-0x00000000002A0000-0x0000000000304000-memory.dmp

Files

844-55-0x00000000002A0000-0x0000000000304000-memory.dmp
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1024B - Virtual size: 735B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 604B

.bss Size: 1024B - Virtual size: 735B

.reloc Size: 29KB - Virtual size: 32KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 604B

.bss
Size: 1024B - Virtual size: 735B

.reloc
Size: 29KB - Virtual size: 32KB