General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    214a1051ed181cd5506ce1bf029aef9b

  • SHA1

    f46f1e1604bd9349a0183e47d800874192e30c92

  • SHA256

    84709e22560f113cc93c49275c2b3598f2fbb3b6be986806dffe2664ff5a18af

  • SHA512

    001d752fb7173f248258a41aa061f292661fcb29026f5a687e9f74b18d03453d689e6a489bae91d8a02103a0c9070677cd4cca7f816a6c033ca83fe0824afa18

  • SSDEEP

    768:Dg7utFyMcDYENEyjQfE8YCX+OkKE/mOp9Sy6Cse8zbs7gpAXCw4XL:DuAcMcp8YCX+OkKm5Sy6Cse8vs72X

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

2100

C2

diwdjndsfnj.ru

iwqdndomdn.su

mnvxcjieifad.su

jdsncjxjujdww.ru

Attributes
  • base_path

    /uploaded/

  • build

    250259

  • exe_type

    loader

  • extension

    .pct

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • gozi.payload-disk
    .dll windows x86

    ef075d26b728b78a932306e24062e80c
