General

  • Target: 1876-135-0x0000000004920000-0x000000000492D000-memory.dmp
  • Size: 52KB
  • MD5: c151e53d403de92dbcead28866bbfaab
  • SHA1: a80d7ef84d6be35d99cba4243ddb1a4c4bc3befd
  • SHA256: 9e2727e92b3fea2dbde2765106ff52bf9e0e43a800f8672776f12e1cbb2d093a
  • SHA512: 09e73f74c72aeeb2246acf0471b149bcd2d9b6e978cf4b48834f418f5d08e961e67dfeab01ec22780cacd1c6bd4af206f745f9e06c01e2f53d5d1817d6ac78ab
  • SSDEEP: 768:B+M2qVsGoqmNg/84MvnjiHJ7gShAKW/+9NcYccAfSdMlhK3D1Gc:BH2qUg/8ZvnMBgShzxccAfSdMSD1Gc

Score: 10/10

Malware Config

Extracted

  • Family: gozi
  • Botnet: 7709
  • C2:
      checklist.skype.com
      62.173.141.252
      31.41.44.33
      109.248.11.112
  • Attributes:
      base_path: /drew/
      build: 250255
      exe_type: loader
      extension: .jlk
      server_id: 50

rsa_pubkey.plain
aes.plain

Files

  • 1876-135-0x0000000004920000-0x000000000492D000-memory.dmp
    .dll windows x86