Overview

overview

10

Static

static

10

2780-57-0x...ry.dll

windows7-x64

1

2780-57-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    2780-57-0x0000000000220000-0x000000000022E000-memory.dmp

  • Size

    56KB

  • MD5

    54b1e48bf92fea2b36e1f8072209cac4

  • SHA1

    fdbb520abff2243479684c4b18d1606dbcbed19f

  • SHA256

    1e77700d5d921221ab9b26dbf70d226e7f62ddfd6dcef73b705b57ed10218e88

  • SHA512

    51271596ab690060fa9589114d75871c0018ccf618b7d89406c03bc493542f41a2cac0e5693b4b58f6652f692ceee8795864210f78dd9375dde1743bf1de3d88

  • SSDEEP

    768:A2+WCU0YgGHvvyCofuFr8dluSHUv1oxU/Zom87E4fHA4sj3M4FVOZd43HmItv:YWF0YhntrFr4DU6x2JE3QJLs9Q

Score
10/10
isfb5050gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

157.254.195.117

91.215.85.172
Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
    gozi
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2780-57-0x0000000000220000-0x000000000022E000-memory.dmp
    .dll windows x86


    Headers

    Sections