gozi | 2000-58-0x00000000003E0000-0x00000000003F3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2000-58-0x00000000003E0000-0x00000000003F3000-memory.dmp
Size

76KB
MD5

a31de6e88b288b37f6fc08ab2ecdd023
SHA1

573dbed3dc25e113251b401636a3384ba34695f9
SHA256

c6b00d37bd00e9ced4c3e23fdb4d0e693032dc49b31c10247f516961e5ecdcfc
SHA512

9c886324a765b71f9a4c48978cdc504c2c5094b402647b32ea8b0bac59b573cc9b6f0c6248d838531a2ec75004bd7d479bd8ea2eff5f3987ee8cab72672ab77d
SSDEEP

1536:iyFML+2YIf5YdDn/qGU1jDiMj//////////////////////////////////////S:iYM5n5eqGU13t

Score

10^/10

ldr4 1000 gozi

Malware Config

Extracted

Family

gozi

Botnet

1000

C2

https://vertalis.top

Attributes

host_keep_time
2
host_shift_time
1
idle_time
1
request_time
10

aes.plain

Signatures

Gozi family
gozi

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2000-58-0x00000000003E0000-0x00000000003F3000-memory.dmp

Files

2000-58-0x00000000003E0000-0x00000000003F3000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 38KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 9KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ