Behavioral task
behavioral1
Sample
1312-57-0x0000000000220000-0x00000000002B0000-memory.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1312-57-0x0000000000220000-0x00000000002B0000-memory.dll
Resource
win10v2004-20240226-en
General
-
Target
1312-57-0x0000000000220000-0x00000000002B0000-memory.dmp
-
Size
576KB
-
MD5
00999d0c7441f7df98d7c51555e49b49
-
SHA1
c82684c033dca25a5e06239dd89c26ba50290769
-
SHA256
46b3c88f0c0b01af8133ea8f70ead6ac5728194ad6dc5fa2a28835bce5b1b0e8
-
SHA512
b4c2df11efadafd39dbf388c2b98b9816dba2aa689a7a58aaee165a7dc984002b27e0a0d458f677f9926854061762c09cf550aee1eb8b5294cfa6be8fef6a605
-
SSDEEP
768:B2fdU27y2VWZYmACvCsyXAXdHon1a7KLtA/+aPW0d6dfXSt8wpaJMHg4k+R:+u2+2VoYmAwyAtv7K6maPFwdf/wmSk
Malware Config
Extracted
gozi
Extracted
gozi
5050
https://config.edge.skype.com
91.215.85.222
-
base_path
/jerry/
-
build
250257
-
exe_type
loader
-
extension
.bob
-
server_id
50
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1312-57-0x0000000000220000-0x00000000002B0000-memory.dmp
Files
-
1312-57-0x0000000000220000-0x00000000002B0000-memory.dmp.dll windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 604B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 1024B - Virtual size: 735B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 29KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ