General

  • Target

    1836-56-0x0000000000400000-0x0000000000475000-memory.dmp

  • Size

    468KB

  • MD5

    5a46c50f9c17b0bb4e67cef0ff5feb3c

  • SHA1

    93844d63e798a7ab63c30ac5a043973cd914bbae

  • SHA256

    4a9cd80222b6de68e366627e18349eee97c224597d4d828bb6ef0b05bd5fd20f

  • SHA512

    2802beff1a158866ea6fe28b49e2fa0b45eb7c104bba3d8f2783a057a74a896e99ccb15899f2bdb2f2620f19f9970f03cf06bc93a47f68b59281f96828463b5b

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1836-56-0x0000000000400000-0x0000000000475000-memory.dmp
    .exe windows x86

