General
-
Target
3372-140-0x0000000000400000-0x0000000000495000-memory.dmp
-
Size
596KB
-
MD5
acd0fc91e0c24024bf14bdd2b0b76361
-
SHA1
b3a857f0dd3ad9a7acb867d7a9eaf93a74c89bdb
-
SHA256
b0e9693b49669a9b1e56fc33824642a8789469906455b2bdb03d50c186938c44
-
SHA512
c52f5fdc2a83bff237dc75e9bd4055531540a675aa85750263b481e3279a97c3d73af3a3f2a51effac5dd21a4755dd01845d8cb7b04a0e75efacd5a11d0737e3
-
SSDEEP
768:L2HRfxRHbvvpywyV34OB9bl5n+iRjn9P1avZa9Bmr1h097mI5:kRfxR7Zjyt5+0zavZangX097m
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
22500
C2
confisg.edge.skype.com
http://
s28bxcw.xyz
config.edgse.skype.com
http://89.43.107.7
Attributes
-
base_path
/recycle/
-
build
250249
-
exe_type
loader
-
extension
.alo
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
3372-140-0x0000000000400000-0x0000000000495000-memory.dmp
Headers
Sections