General
-
Target
3760-207-0x0000021B7AF50000-0x0000021B7AF93000-memory.dmp
-
Size
268KB
-
MD5
eda1b76b8fbd6c9778502de8f5b89846
-
SHA1
ce6d26ba75460e66a02febf0b714a33654308109
-
SHA256
e6ec5283d2c92116e4ed96949464ad400ffcb697c03ce79d6d6291d9b9987562
-
SHA512
a8b21239216e5d8230e75da1832f60e90aba2a9b4862b248514fdb1aec19a5d17cbf6632e1fe4a9ceaf6097ea680c466c82a5f73b8b1627d74a465882482f951
-
SSDEEP
6144:7vMTcREa3tgFuS13zpTPisY0EqWaZ5zKGTF:7vMYnd4uS13zpTPrY0EqWa3RR
Malware Config
Extracted
gozi
1001
-
base_path
/microsoft/
-
exe_type
worker
-
extension
.acx
-
server_id
50
Signatures
-
Gozi family
Files
-
3760-207-0x0000021B7AF50000-0x0000021B7AF93000-memory.dmp