Overview

overview

10

Static

static

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1876-159-0x000001E030B80000-0x000001E030BBC000-memory.dmp

  • Size

    240KB

  • MD5

    3ea4b492bf116f041976797551bb3dec

  • SHA1

    66f7e56dbc58523e38b8bdb2080c70f11a289fd6

  • SHA256

    65878b69a0017d32fee43ab305c3930b5ec3de49865b25335c1795c94ae3a5ec

  • SHA512

    643ab6353e4cbd64feae35bfd07cc6016f4a446867b8c1e9af1fa0e8e938f8cbd1606e30b3efa76a1182c3f85d80e84c92642a3f70cb7b9f0a2859d3c17f7d73

  • SSDEEP

    3072:NtLjLpy1qye5zYou/3+tjSk+4uDXXZdXhGuGYZdjCGqC75PcjH1Wm:7bpy1vIk/3+BSkKX7RdGC35QW

Score
10/10
isfb7639gozi

Malware Config

Extracted

Family

gozi

Botnet

7639

C2

185.31.162.9

31.41.46.120

31.41.44.71

62.173.147.138

31.41.44.79

62.173.147.142

62.173.147.64
Attributes
  • base_path

    /drew/

  • exe_type

    worker

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1876-159-0x000001E030B80000-0x000001E030BBC000-memory.dmp