Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3172-154-0x000002F235300000-0x000002F23533A000-memory.dmp

  • Size

    232KB

  • MD5

    ca0f4edcbce50f48b746ad859a785e30

  • SHA1

    66dd8d68ec8b7b9a55e5fcf02a78a4c30e0723cc

  • SHA256

    da1469e7d9e8b7cc89bc85ee19c92a634996a982a86e1475c70931fb73e85a63

  • SHA512

    bb30627200a3e3bbfc8d21fdfb1b376176fbba283f3832214516369d999bcbf0f982d1924d4d4b813dea91a02328cf34488200a75b046d1f56ef6ff23cf05cbe

  • SSDEEP

    6144:DOZiNwkzdjpi5azwE2uP3qqMFTXne5G8jwNw:DHwkx9cazwE2Y3q9TXnBdN

Score
10/10
1200gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1200

C2

arrrm.msn.com

185.212.47.240

arfrfm.msn.com

176.10.119.51

185.212.47.244

185.189.151.165

194.76.225.57
Attributes
  • base_path

    /zerobin/

  • exe_type

    worker

  • extension

    .bon

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 3172-154-0x000002F235300000-0x000002F23533A000-memory.dmp