Behavioral task: behavioral1
Sample: unpacked_ursnif.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: unpacked_ursnif.dll
Resource: win10v2004-20230915-en

General
Target: unpacked_ursnif.bin
Size: 52KB
MD5: a069a2a61eaa75e9440d1c57bc66a902
SHA1: 0c3ac192ffb1871916e1c520b13057165a1aa888
SHA256: 9a7b02dce4e5e370cca6b2d51d7e19ee267e87054e50933296ae9c802aba3732
SHA512: f7c0a7885ed448ca8b415f3ac4d828c2510122d8ab782e105ddf53e057ea5db324c13489718021271c46244daceceb01e3060cf37a186cf95ced7792eb367dda
SSDEEP: 768:Riirx/qT2zemt3fhwO8hEUumiw8v/MC2CyTQvnz3NsMe1ZXOTy:RBrx/qizemt3fhMXgvrrvnz3NsMkXOO

Malware Config
Extracted
gozi
5050
31.41.44.28
146.19.233.250
46.8.19.158
base_path: /jerry/
build: 250260
exe_type: loader
extension: .bob
server_id: 50

Signatures
Gozi family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes: resource unpacked_ursnif.bin

Files
unpacked_ursnif.bin.dll windows:5 windows x86
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Sections
.text (Size: 30KB, Virtual size: 30KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 512B, Virtual size: 1000B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc (Size: 4KB, Virtual size: 4KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ