General

  • Target

    4248-133-0x00000000021F0000-0x00000000021FD000-memory.dmp

  • Size

    52KB

  • MD5

    1caa55329ddf312b2a1d94f42f7c5676

  • SHA1

    abb102921df990c24d2654939fcc40e6707e6240

  • SHA256

    e861c0f6c325b5e0f54b9c61fb79201ba680fc3c7dd28fff93145a0a1dae8b7d

  • SHA512

    7b21314c270cebcf4c674f8757db67069225389117776b1a4903102249edbcbe24112e6974ed915b28ea5b3e6d13e16a59624c8e8d20fa1c9d5ec60775b001cc

  • SSDEEP

    1536:wXsPG7v/FbEuhB6e6o9bWMFMrS45QBOQ:7Psv/b0KzFMxmBb

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7701

C2

checklist.skype.com

62.173.145.223

31.41.44.105

45.89.66.58

Attributes
  • base_path

    /drew/

  • build

    250249

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 4248-133-0x00000000021F0000-0x00000000021FD000-memory.dmp
    .dll windows x86

