General

  • Target

    77e7c5676e544d3ecb6d5fa9ebc634b8

  • Size

    242KB

  • MD5

    77e7c5676e544d3ecb6d5fa9ebc634b8

  • SHA1

    7fa45db5ff7113461288f7576d0b69c0cc932a4e

  • SHA256

    d01013d9dbc6f31b2ae3168b323780f8f9f88029c009e05a7b561f42440cf161

  • SHA512

    bbeea4619f005eece5f76e78bcc63ec8b6b4558a9f694916533ebb7f42a9a9ffb937c084c7757f50b26293b5b38e153c811cbdfa3b629425b0c5a4478c1beaca

  • SSDEEP

    6144:QrezMySF6ymJNNDgq2L4LlcwFhR2hMX/BWEWk4SiFr:Qrc4FxmJrr2LicwlcMX/BWEWCit

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

1500

C2

app.flashgameo.at

apr.intoolkom.at

r23cirt55ysvtdvl.onion

gtk5.variyan.at

pop.biopiof.at

l46t3vgvmtx5wxe6.onion

v10.avyanok.com

free.monotreener.com

sam.notlaren.at
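The hostnames above are the indicators most responders will act on first. The following is an added example and not part of the sandbox report: it matches a DNS query log against this C2 list, treating a query as a hit when it is one of the listed hosts or a subdomain of one, after lowercasing and stripping a trailing dot. The four-column log format and the sample lines are constructed for the example; adapt the field split to whatever your resolver or sensor emits. The two .onion entries are reported separately because they are reachable only over Tor and never appear as clear-text DNS queries, so they need a different detection (Tor client or SOCKS activity on the host) rather than a DNS match.

```python
"""Match DNS query logs against the Gozi C2 hostnames listed in this report.

Added example, not part of the sandbox report. The log format (timestamp,
client IP, record type, queried name) and the sample lines are constructed
and do not come from any real product or from the analysed sample.
"""
from collections import defaultdict
from typing import Optional

# C2 hostnames exactly as extracted in the config above (.onion entries included).
GOZI_C2 = [
    "app.flashgameo.at",
    "apr.intoolkom.at",
    "r23cirt55ysvtdvl.onion",
    "gtk5.variyan.at",
    "pop.biopiof.at",
    "l46t3vgvmtx5wxe6.onion",
    "v10.avyanok.com",
    "free.monotreener.com",
    "sam.notlaren.at",
]


def normalize(name: str) -> str:
    """Lowercase and drop a trailing dot so 'App.Flashgameo.AT.' still matches."""
    return name.strip().lower().rstrip(".")


def matches_c2(name: str, c2_hosts=GOZI_C2) -> Optional[str]:
    """Return the matching C2 host if `name` is that host or a subdomain of it."""
    n = normalize(name)
    for host in c2_hosts:
        h = normalize(host)
        if n == h or n.endswith("." + h):
            return h
    return None


def scan_dns_log(lines, c2_hosts=GOZI_C2):
    """Return {client_ip: [(timestamp, queried_name, matched_c2), ...]}.

    Lines that do not split into exactly four fields are skipped.
    """
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, _rtype, qname = parts
        hit = matches_c2(qname, c2_hosts)
        if hit:
            hits[client].append((ts, normalize(qname), hit))
    return dict(hits)


def onion_hosts(c2_hosts=GOZI_C2):
    """.onion C2s cannot show up in clear DNS; report them for a separate Tor check."""
    return [h for h in c2_hosts if h.endswith(".onion")]


# Constructed sample log lines (not taken from the report or any sensor).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com.
2024-05-01T10:00:02Z 10.0.0.5 A App.Flashgameo.AT.
2024-05-01T10:00:03Z 10.0.0.7 AAAA pop.biopiof.at
2024-05-01T10:00:04Z 10.0.0.7 A notflashgameo.at
2024-05-01T10:00:05Z 10.0.0.9 A cdn.v10.avyanok.com
""".splitlines()


if __name__ == "__main__":
    for client, events in scan_dns_log(SAMPLE_LOG).items():
        for ts, qname, c2 in events:
            print(f"{ts} {client} queried {qname} -> Gozi C2 {c2}")
    print("not visible in DNS (Tor only):", ", ".join(onion_hosts()))
```

Note that `notflashgameo.at` is deliberately not a hit: the suffix test requires a dot boundary, so a lookalike registered domain does not match a listed host.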

Attributes
  • exe_type

    worker

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
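The "Unsigned PE" signature is a static check on the optional header: the Security data directory (index 4) points at the embedded WIN_CERTIFICATE blob, and a zero entry means there is no embedded Authenticode signature. The block below is an added example that reproduces that check; it is not the sandbox's own signature logic. It parses the DOS and PE headers directly, handles both PE32 and PE32+ optional headers, and treats a directory entry that points past the end of the file as "no usable signature". The header-only PE32+ DLL it builds, and the placeholder certificate blob, are constructed for the example and are not the analysed sample. Two caveats: a non-zero entry only proves a signature blob is present, not that it verifies (use `signtool verify`, `osslsigncode verify` or WinVerifyTrust for that), and catalog-signed Windows binaries carry no embedded signature at all, so "missing Authenticode signature" on its own is a weak indicator.

```python
"""Check a PE image for an embedded Authenticode signature.

Added example, not the sandbox's own check. Mirrors the "Unsigned PE"
signature: inspect the Security data directory (index 4) of the optional
header. The minimal PE32+ image built here is constructed for illustration
and is not the analysed sample.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64"}


def _pe_offsets(data: bytes):
    """Return (coff_offset, optional_header_offset) after validating MZ/PE headers."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    return coff, coff + 20  # COFF file header is 20 bytes


def machine_name(data: bytes) -> str:
    """Architecture from the COFF Machine field (0x8664 is x64, as the report tags it)."""
    coff, _ = _pe_offsets(data)
    machine = struct.unpack_from("<H", data, coff)[0]
    return MACHINE_NAMES.get(machine, hex(machine))


def security_directory(data: bytes):
    """Return (file_offset, size) of the Security directory entry; (0, 0) if absent.

    Unlike other directories, this entry holds a raw file offset, not an RVA.
    """
    _, opt = _pe_offsets(data)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        n_rva_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        n_rva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_rva = struct.unpack_from("<I", data, n_rva_off)[0]
    if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)  # directory table too short to contain a Security entry
    entry = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    return struct.unpack_from("<II", data, entry)


def has_embedded_signature(data: bytes) -> bool:
    """True only if the Security entry is non-zero and lies inside the file."""
    off, size = security_directory(data)
    return off != 0 and size != 0 and off + size <= len(data)


def build_minimal_pe64(sec_offset=0, sec_size=0) -> bytes:
    """Construct a header-only PE32+ DLL (no sections) for demonstration."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after DOS header
    # Machine x64, 0 sections, SizeOfOptionalHeader 240, Characteristics EXECUTABLE|DLL|LAA
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     sec_offset, sec_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)  # 328 bytes of headers


def build_signed_sample() -> bytes:
    """Same image with a placeholder WIN_CERTIFICATE appended (not a real PKCS#7 blob)."""
    header = build_minimal_pe64(sec_offset=328, sec_size=16)
    # dwLength=16, wRevision=WIN_CERT_REVISION_2_0, wCertificateType=PKCS_SIGNED_DATA
    cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
    return header + cert


if __name__ == "__main__":
    for label, img in (("unsigned", build_minimal_pe64()), ("signed", build_signed_sample())):
        print(label, machine_name(img), security_directory(img), has_embedded_signature(img))
```

Run it against the real sample by reading the file bytes and calling `has_embedded_signature`; a `False` reproduces the sandbox's "Unsigned PE" finding, while a `True` only tells you to go and verify the signature chain.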

Files

  • 77e7c5676e544d3ecb6d5fa9ebc634b8
    .dll windows:4 windows x64 arch:x64

    8a5d8f502e35131a4443369f6ddb5a6c

