malware-samples/binaries/gomorrah/2020/April at master ·
jstrosch/malware-samples
By Josh Stroschein
Archived: 2026-04-05 14:33:30 UTC
Gomorrah stealer (.NET binary)
MD5: 2fd45662e3d0ec0077ea2fa66b6378f0.bin
PCAP: 2fd45662e3d0ec0077ea2fa66b6378f0.pcap
See the README for information about the archive password.
Analysis source: Cuckoo 2.0.7
Date: 04/22/2020
This sample highlights Gomorrah activity along with successful C2 check-in and data-exfil.
Process Activity
https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
Page 1 of 5

Process activity, anti-analysis was observed
Network Activity
https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
Page 2 of 5

HTTP traffic with data-exfil
Suricata Alerts
Suricata alerts via Any.Run
Decompiler Output
https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
Page 3 of 5

Sample of primary program structure
https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
Page 4 of 5

Sample of credit cards targeted
Source: https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
https://github.com/jstrosch/malware-samples/tree/master/binaries/gomorrah/2020/April
Page 5 of 5