# Gomorrah stealer (.NET binary)

**[github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April](https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April)**

jstrosch

MD5: 2fd45662e3d0ec0077ea2fa66b6378f0.bin

PCAP: 2fd45662e3d0ec0077ea2fa66b6378f0.pcap

See the [README for information about the archive password.](https://github.com/jstrosch/malware-samples)

Analysis source: Cuckoo 2.0.7

Date: 04/22/2020

This sample highlights Gomorrah activity along with successful C2 check-in and data-exfil.

## Process Activity


-----

Process activity, anti-analysis was observed

## Network Activity


-----

HTTP traffic with data-exfil

## Suricata Alerts

Suricata alerts via Any.Run

## Decompiler Output


-----

Sample of primary program structure


-----

Sample of credit cards targeted


-----