General

  • Target

    b66d3f6e80add81b9f4e3b1ba5d8b4cc

  • Size

    240KB

  • MD5

    b66d3f6e80add81b9f4e3b1ba5d8b4cc

  • SHA1

    7b7b7fadb70ac17dc9e73b3d674e3e25083508c7

  • SHA256

    2606c40933ea57d75211d34d1a197f40491b8ff9535daee06b2767b069848f4d

  • SHA512

    6445c3bd538f998e14706a8eb78e70500aa45c2fcf1a8294fc18e7edf6e26f9ba0a0e664f8b64cab0e45be57d955d2f11d504b6cf3c883ff53abb9a33e439a8f

  • SSDEEP

    6144:02yfji0Fu6oZMXe67BzvVLe+q+WXXO3WMbTcQ+:0vFu6gwN7BzvVe5/XIWMbP+

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

2500

C2


Attributes
  • exe_type

    worker

  • server_id

    580

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • b66d3f6e80add81b9f4e3b1ba5d8b4cc
    .dll windows:4 windows x64 arch:x64

    561babba107cc2296485d4ba59217cf8
