gozi | 11666779745[.]zip

General

Target

11666779745.zip
Size

28KB
MD5

0e90df472a7b25eae5653f574b98b13c
SHA1

bfc48ff12996d63d7b0e308efffa00b53f050fbf
SHA256

3e93dbd5b08b343f56a392f0d6ab5866aa2c0af38f8b772246e9b89ca30a0699
SHA512

65040f47c24144d95c4647c0373fdeba402e6dd574d992600f87a7d6b4ed162cdd154043a80fbabe5131032dd5100ba0a1098c7c6bfd60ba6fe34138357c0b7c
SSDEEP

768:G8xfMG5Ajb9hICe42aEqB6eJzhAPmdgSaPMgTOC:G8VM0m2gz5MR

Score

10^/10

isfb 5050 gozi

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

config.edge.skype.com

optinetwork.top

onlynetwork.top

internetcoca.in

dendexmm.com

Attributes

base_path
/jerry/
build
250249
exe_type
loader
extension
.bob
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9b769e4822c4820aeea6523972c025754e3186f520f76491f76ef4d316f06226

Files

11666779745.zip
.zip

Password: infected
9b769e4822c4820aeea6523972c025754e3186f520f76491f76ef4d316f06226
.dll windows x86

Password: infected

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ord2
ord16
ord15
ord6

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1000B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: infected

Password: infected

b1e1d582732e4e48ca192109b68c23b4

Headers

File Characteristics

Imports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1000B - Virtual size: 1000B

.bss Size: 3KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1000B - Virtual size: 1000B

.bss
Size: 3KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB