General
Target: 2296-269-0x00000180A5430000-0x00000180A5473000-memory.dmp
Size: 268KB
MD5: f33406314e5982225042cd728eac42a2
SHA1: eeeca3fc51554d3a89ce59abb0ee425f376c3a25
SHA256: 08cb05a4f7e046a92851d6aaad87ac7d1d98b9d8df5ab279b9fdb403f8413d78
SHA512: 3b85a20743b26b6e3abf5abcb441b5cc4b98ba6bad79dacf5c01090356c30603c31788e575f6ec2a3d0cf6e3047597f7bfbfce4b8da9f11b29b239510c0d167c
SSDEEP: 6144:2vMTcREa3tgFuS13zpTPisY0yCqSaZ5nXKGTF:2vMYnd4uS13zpTPrY0fqSazRR
Malware Config
Extracted
gozi
1001
base_path: /microsoft/
exe_type: worker
extension: .acx
server_id: 50
Signatures
Gozi family
Files
2296-269-0x00000180A5430000-0x00000180A5473000-memory.dmp