General
-
Target
600-57-0x0000000010000000-0x000000001000E000-memory.dmp
-
Size
56KB
-
MD5
807798f015fc796141f95bb75f4aff3b
-
SHA1
d7a312ad2792afd930ebf064e653b3cec48cde3e
-
SHA256
f3b166c484c622948fc255e0848009829734b30e548aacb2b36e231e893fedd1
-
SHA512
1938beac40fdd3f8dfada694352daa9adf6101ff86cea59ff32d4fed3c3d5760b8abc420701b8f3e73fbde473467eec31672f9b10c7c6a33cec8c80c09824121
-
SSDEEP
768:A2gGmsx3R69vhvjyRpq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiu6:KGBx3R6HApqlaPGhVMq2LpeReOb2Pmp
Score
10/10
Malware Config
Extracted
Family
gozi_ifsb
Botnet
5000
C2
config.edge.skype.com
onlinetwork.top
linetwork.top
Attributes
-
base_path
/drew/
-
build
250246
-
exe_type
loader
-
extension
.jlk
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi_ifsb family
Files
-
600-57-0x0000000010000000-0x000000001000E000-memory.dmp
Headers
Sections