General

  • Target

    251573f0000.dll.exe

  • Size

    244KB

  • MD5

    8ae1f37abcb4cf2341c01539f5c7c1f9

  • SHA1

    9d180586d8f52f464fa63c6a6702669b0231cb8c

  • SHA256

    48c773c90a7f3175484442364334b7a8e6a166dfa771170b2cd9a308f59b3345

  • SHA512

    8cc9bfbf5b43c355f6dd64159ad982fa925daab56a9578cb370bbe33b9929db9bfbf8cd2486ec83fb9a406d0d912689cdf35768b7d7982dc94dbc7e5e551eee1

  • SSDEEP

    6144:qX72v82Wldh1KeRFSbaWrxlsw1r5tz5G:qL2v8znYSSeWr4a

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

fotexion.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 251573f0000.dll.exe
    .dll windows:5 windows x64

    81de4ee1071a8320787d7c9e149ace7f

