gozi | NEAS[.]4ae472fae99d6aa46e179cc4546ab4b0[.]exe

General

Target

NEAS.4ae472fae99d6aa46e179cc4546ab4b0.exe
Size

64KB
MD5

4ae472fae99d6aa46e179cc4546ab4b0
SHA1

ca6b73ea9257ffea860e8472a06b4eedab5ee68a
SHA256

1767ac69dfe318b81181e0f5ed5ebc2386785d2a5028117dfcd0541b7cbcc61e
SHA512

a8d7bef15d9ff9b2ade030f2a8f9da6151320cff9ed602047ae4c83d10f4e7a3b34dbb5f20ff602e8085d08b176231a38c1cb109cd54278f6da94b4090d53036
SSDEEP

1536:s+8WnrlM3THhV/4e2qlalXpQc1aia5oCLOes:saloBVwe2qlal5naioLLOB

Score

10^/10

isfb 8004 gozi

Malware Config

Extracted

Family

gozi

Botnet

8004

C2

slammagysmanskkapsulrttezya.website

rutramagysmanskkmoderatordstezya.website

rubalasksigysmanlkavayssstezya.website

nalgysmanurmaskmikluhasya.website

gnalmgysmanask4ermanderezya.website

rusitmgysmanaskpikabyatezya.website

rubymgysmanmaskrufinurtdrfezya.website

rufgysmanymrmaskbteyryeuliliezya.website

skumrmgysmanaskihglassdzya.website

rramaskkmigysmanleronurzya.website

rurparagysmanmaskstreptokokusstezya.space

rbabamrgysmanmaskriserdfnstezya.space

runyanmgysmanaskklasgindtezya.space

rurprgysmanamskprikchinhdncstezya.space

sramrmaskgysmanproteploszya.space

glamrgysmanaskdkambibatstezya.space

rutichhdaskgysmanoltogorovidsnstezya.space

rkovkagysmanmasksemyanastezya.adygeya.su

rrakomaskpgysmancdakirgitushkanchikzya.adygeya.su

rzipaurgysmanmaskssmastaezya.abkhazia.su

Attributes

build
250161
dga_season
10
dns_servers
107.174.86.134

107.175.127.22
exe_type
loader
server_id
12

rsa_pubkey.plain

serpent.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4ae472fae99d6aa46e179cc4546ab4b0.exe

Files

NEAS.4ae472fae99d6aa46e179cc4546ab4b0.exe
.dll windows:5 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 836B

.bss Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 836B

.bss
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB