General

  • Target

    4356-146-0x0000000000330000-0x000000000033E000-memory.dmp

  • Size

    56KB

  • MD5

    af3c37bb94b2ecf7f26dbcebfe307ef0

  • SHA1

    5b71f4655cb200443b6e2422c403596835d93a41

  • SHA256

    444ba0b44ba87e975991194bc5ec22bd88c33f7bcfc25bc743f76bec7c00c066

  • SHA512

    784dc1952c2b9d47ba0279cbf83f0e2b4b698a5fe04ef665e950c7d9fd379444d5cfebcb36cdf003d76b9d41bd77543afda816fad09e2f0e0f0a2f616c7112b6

  • SSDEEP

    768:zlmSyFt/fSYDFAjvZXQruFPu4akfiEmrNX11Uxfef+Sl:zlvct/fSWajvjJak6HUfI

Score
10/10

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    1001

  • C2

    https://checklist.skype.com
    http://176.10.125.84
    http://91.242.219.235
    http://79.132.130.73
    http://176.10.119.209
    http://194.76.225.88
    http://79.132.134.158

Attributes
  • base_path

    /microsoft/

  • build

    260255

  • exe_type

    loader

  • extension

    .acx

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 4356-146-0x0000000000330000-0x000000000033E000-memory.dmp
    .exe windows x86