General

  • Target

    unpacked_ursnif.bin

  • Size

    52KB

  • MD5

    a069a2a61eaa75e9440d1c57bc66a902

  • SHA1

    0c3ac192ffb1871916e1c520b13057165a1aa888

  • SHA256

    9a7b02dce4e5e370cca6b2d51d7e19ee267e87054e50933296ae9c802aba3732

  • SHA512

    f7c0a7885ed448ca8b415f3ac4d828c2510122d8ab782e105ddf53e057ea5db324c13489718021271c46244daceceb01e3060cf37a186cf95ced7792eb367dda

  • SSDEEP

    768:Riirx/qT2zemt3fhwO8hEUumiw8v/MC2CyTQvnz3NsMe1ZXOTy:RBrx/qizemt3fhMXgvrrvnz3NsMkXOO

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.28

146.19.233.250

46.8.19.158

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
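The extracted config above is most useful once it is turned into something that can be run over proxy or firewall logs. The following is an added example, not code from the sandbox or from the Gozi/Ursnif authors: it loads the C2 addresses, base_path and extension from the report into a small hunting routine and runs it over a constructed proxy log. Two points are assumptions rather than facts stated on this page: that beacons are plain HTTP requests to one of the listed C2 addresses, and that the request path has the shape <base_path>...<extension> (the usual Ursnif URL layout); the log lines and the log format are constructed for the example.

```python
"""Hunt for Gozi/Ursnif C2 traffic using the config extracted in this report.

Added example, not part of the sandbox report. Assumptions (labelled):
  - beacons are HTTP requests whose host is one of the configured C2 IPs, or
    whose path starts with base_path and ends with extension (assumed Ursnif
    URL shape; the report itself only lists the values);
  - SAMPLE_LOG and its "time src method url status" format are constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Config values copied from the "Malware Config" section of this report.
CONFIG = {
    "family": "gozi",
    "botnet": "5050",
    "build": "250260",
    "server_id": "50",
    "c2": ["31.41.44.28", "146.19.233.250", "46.8.19.158"],
    "base_path": "/jerry/",
    "extension": ".bob",
}

# Constructed proxy log (not sandbox output): time, client, method, URL, status.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://31.41.44.28/jerry/3kD9sL2x/aaabbb.bob 200
2024-01-01T10:00:07Z 10.0.0.5 GET http://example.com/index.html 200
2024-01-01T10:00:12Z 10.0.0.9 POST http://46.8.19.158/ 404
2024-01-01T10:00:20Z 10.0.0.12 GET http://cdn.example.net/jerry/files/report.bob 200
"""


def build_uri_pattern(base_path: str, extension: str) -> re.Pattern:
    """Anchored regex for <base_path><something><extension>. Both config values
    are escaped so they are matched literally, never as regex syntax."""
    return re.compile("^" + re.escape(base_path) + ".+" + re.escape(extension) + "$")


def classify(url: str, config: dict = CONFIG) -> list:
    """Return the reasons a URL matches the extracted config ([] if none).
    'c2_ip'       : host is one of the configured C2 addresses.
    'uri_pattern' : path has the base_path/extension shape (assumed beacon shape)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    try:
        c2 = {ipaddress.ip_address(c) for c in config["c2"]}
        if ipaddress.ip_address(host) in c2:
            reasons.append("c2_ip")
    except ValueError:
        pass  # a DNS name rather than an IP literal; nothing to compare against
    if build_uri_pattern(config["base_path"], config["extension"]).match(parts.path):
        reasons.append("uri_pattern")
    return reasons


def hunt(lines, config: dict = CONFIG) -> list:
    """Scan log lines; return one hit dict per line that matches the config."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line: skip rather than crash the sweep
        ts, src, _method, url, _status = fields[:5]
        reasons = classify(url, config)
        if reasons:
            hits.append({"time": ts, "src": src, "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(hit["time"], hit["src"], ",".join(hit["reasons"]), hit["url"])
```

A hit on the IP alone (the third line) is worth an alert on its own, since the report ties these addresses to this botnet and build; a hit on the URI shape alone (the fourth line) is weaker evidence and should be confirmed against the host, because /jerry/ plus .bob is a cheap pattern that legitimate traffic could produce.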

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
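What the "Unsigned PE" signature actually tests is whether the PE header's Security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, index 4) is empty, since that is where an embedded Authenticode WIN_CERTIFICATE blob lives. The check below is an added example of that test, not the sandbox's own detection code; build_minimal_pe constructs a header-only PE32 fixture so the routine can be exercised without a real binary, and nothing in it is derived from unpacked_ursnif.bin itself.

```python
"""Check whether a PE carries an embedded Authenticode signature.

Added example, not sandbox code. The test is the same one the "Unsigned PE"
signature describes: a non-empty Security data directory means a signature
is present. Presence is not validity; see the note below the code.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Security (Authenticode) directory


def has_authenticode_signature(data: bytes) -> bool:
    """True if the image's Security data directory points at a non-empty blob.
    Raises ValueError if the data is not a well-formed PE header."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        coff = e_lfanew + 4
        # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
        # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
        (_machine, _nsect, _ts, _symtab, _nsyms,
         size_opt, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
            n_dirs_off, dir_off = opt + 92, opt + 96
        elif magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108, directories at +112
            n_dirs_off, dir_off = opt + 108, opt + 112
        else:
            raise ValueError("unknown optional header magic 0x%x" % magic)
        (n_dirs,) = struct.unpack_from("<I", data, n_dirs_off)
        entry = dir_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
        if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt + size_opt:
            return False  # header does not even carry a Security directory entry
        # For this directory the first field is a file offset, not an RVA.
        offset, size = struct.unpack_from("<II", data, entry)
        return offset != 0 and size != 0
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc


def build_minimal_pe(security_offset: int, security_size: int, is_dll: bool = True) -> bytes:
    """Constructed test fixture, not a real binary: MZ stub, PE signature, COFF
    header and a 224-byte PE32 optional header with the Security directory set."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    characteristics = 0x2102 if is_dll else 0x0102          # EXECUTABLE_IMAGE|32BIT (+DLL)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                     security_offset, security_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "signed" if has_authenticode_signature(fh.read()) else "unsigned")
```

This is a triage filter, not a trust decision. A non-empty Security directory only says a signature blob is attached; it can be corrupt, expired, revoked, or issued to a stolen identity, so a "signed" result still needs the chain checked with signtool verify /pa /v, Get-AuthenticodeSignature in PowerShell, or osslsigncode verify on Linux. Conversely, "unsigned" on its own is weak evidence, since plenty of legitimate software ships unsigned; here it only adds weight to the Gozi config extraction that already scores the sample 10/10.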

Files

  • unpacked_ursnif.bin
    .dll windows:5 windows x86