General
-
Target
4bd3b41d373e85a5478838040fc56f50
-
Size
54KB
-
MD5
4bd3b41d373e85a5478838040fc56f50
-
SHA1
d11b606daf2f2909320afc672797372683c1362e
-
SHA256
c0d7e8fdc01774859e64b3bf827cefa7800391db0b8fe52028ea738182f18ad4
-
SHA512
8f88346f6ee4b706ccddb46e60190d4b29d0318d5d6ae517a61bf4ccb03cb0e77c11f7691d437af12603c75ddcce80202efddabebde17bf96e95e32eb0be072f
-
SSDEEP
1536:81EAiXqlalXCloEQc1g6m6W6xVKV4OQrnP:81EAiXqlalGoEnqCPs4OQj
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
1001
C2
update1.avast.com
zilbon.ws
update2.avira.com
lumpet.co
emerald.ws
ferroun.in
Attributes
-
base_path
/sreamble/
-
build
250207
-
dga_season
10
-
exe_type
loader
-
extension
.sre
-
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
4bd3b41d373e85a5478838040fc56f50
e9244b914da8ab3aa7f5dab62d3fe787
Headers
Imports
Sections