General

  • Target

    1808-57-0x0000000000170000-0x000000000017E000-memory.dmp

  • Size

    56KB

  • MD5

    6f72ecaeaf6d8b0a06f0da5ae3754dbe

  • SHA1

    42750e04efcfec1868d5d80287d212e7f2a2abb6

  • SHA256

    15622fff703648c6b515892046f883f4737e55d08e11fec5bbfed084e922ce4c

  • SHA512

    0c9c3c62d630bad4a3245b9e6b30133b6b78f8b0faa3d611ea4ce912d126f380bfbfc0149bdb6d79580acccd12980076165c7b4cc0787816cba2908b8124c3e7

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7625

C2

sistemliner.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1808-57-0x0000000000170000-0x000000000017E000-memory.dmp
    .dll windows x86


    Code Sign

    Headers

    Sections