General
-
Target
4392-145-0x0000000001070000-0x000000000107D000-memory.dmp
-
Size
52KB
-
MD5
33beff6f1ea78e71801c586536b14cd0
-
SHA1
924625f9dfcd64970959bb93d856116fc6ffe8af
-
SHA256
8b428e5610c8cdd9402625aa71a74fea8b20813da55aa0027b157924b82b9893
-
SHA512
92c5ca183db22ad8d6b40f57f6a4213ce7c89799005fc6ee18b75bf7578b2b7a8aced8eb2b87e50c89e80a9b3f9c81455f53ea94d01539fd1398e0e3f5c8939b
-
SSDEEP
1536:2+ZyYouiZh0CuAmt3tnomr+TafnVsPFrPe:EXuTC1mZVJUadsPFr
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
1001
C2
https://checklist.skype.com
http://176.10.125.84
http://91.242.219.235
http://79.132.130.73
http://176.10.119.209
http://194.76.225.88
http://79.132.134.158
Attributes
-
base_path
/microsoft/
-
build
260255
-
exe_type
loader
-
extension
.acx
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
4392-145-0x0000000001070000-0x000000000107D000-memory.dmp
Headers
Sections