gozi_ifsb | 2256-155-0x000001AB38E40000-0x000001AB38E7D000-memory[.]dmp | Triage

Submit
Reports

Overview

overview

Static

static

Sharing

Static task

static1

1 signatures

General

Target

2256-155-0x000001AB38E40000-0x000001AB38E7D000-memory.dmp
Size

244KB
MD5

22d4063e7bb93e3db0a75f5169f94c78
SHA1

ada520d2b95ea1fa58add78e2fb4a451deabcfff
SHA256

aa00113186e0ed271b3c605819dda52c1b808c906f41c1ab94340190a16af8f3
SHA512

9d237167480cff8b80b6e79587f2556b85129bcfd38942f9df2b42a144d8a9852a6daf6eda6ed97b79f0e11c2965378859bbbc743b6968d8d6da2ab0c883e33f
SSDEEP

3072:d5hinZgCo+NjJWSsznC2OCyzjFIz4V1T/JDR1vimBB78C758cjaj5eM:d+nZ1o+NJWbn2CMFIzSTRDR1vimR54z

Score

10^/10

1900 gozi_ifsb

Malware Config

Extracted

Family

gozi_ifsb

Botnet

1900

C2

apnfy.msn.com

194.76.225.61

185.212.47.186

45.11.180.215

45.11.180.219

Attributes

base_path
/doorway/
exe_type
worker
extension
.drr
server_id
50

rsa_pubkey.plain

aes.plain

Signatures

Gozi_ifsb family
gozi_ifsb

Files

2256-155-0x000001AB38E40000-0x000001AB38E7D000-memory.dmp

© 2018-2024

Terms | Privacy