General

  • Target

    1796-57-0x00000000001E0000-0x000000000024F000-memory.dmp

  • Size

    444KB

  • MD5

    61c266164965a67ed6b760611ffd2447

  • SHA1

    38a3e10184a5ee175293f8df713fc01e7cafc777

  • SHA256

    8ec0884d8586ebd34abda9cd8632e2190d107334b27bd861c965501880fcedce

  • SHA512

    cec65d5f73eef5b913b44c59051cfb00499c8e036c399095e0be377c4157cc0faa3346da1d7d0bc392f85ba8a1b5838592383c798236ea9fb724174629b3eed6

  • SSDEEP

    768:A2ppD0XU20VgIVvky2AZLKuFjoaHddrJ6271EPs1hSe7cBVksMPyx2:rps0VgIoA5pVddIZP6se4Hs

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

194.76.226.15

109.230.199.114

Attributes
  • base_path

    /drew/

  • build

    250235

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1796-57-0x00000000001E0000-0x000000000024F000-memory.dmp
    .dll windows x86

    Headers

    Sections