Overview

overview

10

Static

static

10

1328-58-0x...ry.dll

windows7-x64

1

1328-58-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    1328-58-0x00000000001B0000-0x00000000001BE000-memory.dmp

  • Size

    56KB

  • MD5

    903931043f22b65087794a5a234c21ae

  • SHA1

    976d5d0ecc33b8490570170f4b71425adab2230e

  • SHA256

    d0c227ffc1c6363f99c85f19f4ef48d9338f703103d2befe966c8b9dd1d37e3b

  • SHA512

    dd0a7c0eed1062dc204ee47b2e06f46f808a2e795a347f1df13d5d95b0abcf0aa697685a6176a8bbe6c4a1f045b575dff6e8c9a48ceca04046b325f7b8b86295

  • SSDEEP

    768:A2RM59m7qONvDy6ofuFr8dluSHUv1oxU/Zom87E4fHA4sj3Me5l7UDo+rCf5:zM7m7qOZFrFr4DU6x2JE3Q1lUnre

Score
10/10
isfb5050gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

157.254.195.117

91.215.85.151
Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1328-58-0x00000000001B0000-0x00000000001BE000-memory.dmp
    .dll windows x86


    Headers

    Sections