General

  • Target

    1416-58-0x00000000001F0000-0x00000000001FE000-memory.dmp

  • Size

    56KB

  • MD5

    4f81b31addb341c6a35d3b01b2025e8a

  • SHA1

    14742e07ca600dfd009a15f5ec7884cd0ffa6a36

  • SHA256

    1b4193409f97394db766eaeb33397bb879409f03cab7e54dc1f9a09c28697a31

  • SHA512

    c501ae7936922ac0646046bd27c2a46858f9b9e592c7c45b88f6f0678961434748634f9a6e91251bd82a6b583f5eb74bf6916729a495bc18c8a22ebb4b213bfd

  • SSDEEP

    768:A2R1W1xm3L4xvRy5NGQgGoKItuFe666yuwyF8sj1YsFVOZd43HmIt6J:PMbm3L4f2oKItuLn3kfsLs9/

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.201

Attributes

  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1416-58-0x00000000001F0000-0x00000000001FE000-memory.dmp
    .dll windows:5 windows x86 arch:x86