General
-
Target
4420-142-0x0000000000550000-0x000000000055D000-memory.dmp
-
Size
52KB
-
MD5
75074e4a8af5044cc48d4da84cfc665e
-
SHA1
47b16904313b6939cd44f1d2678c936658b0d92d
-
SHA256
54672523357f534da792f3661cf9f52015ce0a5e6381e47dffc618a2945530c1
-
SHA512
26bc134b7ded523c96d5b511f05e56acbe2cfa16809c709fcdba783abf0725d3992acefbf2b13f6c7c7bbb15a2580bcc442ed7fb1fb70941c1c290b9c7832fc5
-
SSDEEP
768:5L8+RCFn8rCLCbavUpXn3kuWwZ5IE6tCT4sPfGJFrVzhASpZe:98gCp8rCLCPn3kuDZCEACT4sP+rPe
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
1001
C2
https://checklist.skype.com
http://176.10.125.84
http://91.242.219.235
http://79.132.130.73
http://176.10.119.209
http://194.76.225.88
http://79.132.134.158
Attributes
-
base_path
/microsoft/
-
build
260255
-
exe_type
loader
-
extension
.acx
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
4420-142-0x0000000000550000-0x000000000055D000-memory.dmp
Headers
Sections