General

  • Target

    1660-57-0x0000000010000000-0x000000001000E000-memory.dmp

  • Size

    56KB

  • MD5

    0fa97ef07f6aaee8156e4adc2d7b2fbf

  • SHA1

    e3e7ad0fecd8bf8d89bc5076edf4f64d889d4a6c

  • SHA256

    c6dc63cef61f9af4d1f553422632823d1004796b366320eb38d2ad1c470e190c

  • SHA512

    c375326be9829380e0c6ea56105377639d0f07bab64c3d118a11653802b0532dcf46596d3f1147d0b62d2ea151ab5379f88b4e4e77f250afffb5f603e66ad785

  • SSDEEP

    768:A2PrU7eukUXM7dPVvWTyTdcNtW2RTYBfx6w39rDE3Lkjx2K/ZK38u5:laeuZM7dsTqdeD8B56w39HE384h38K

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

  • config.edge.skype.com

  • 37.120.206.71

  • 37.120.206.84

  • 193.106.191.163

Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

Files

  • 1660-57-0x0000000010000000-0x000000001000E000-memory.dmp

    .dll windows x86