General
-
Target
4460-135-0x0000000004910000-0x000000000491D000-memory.dmp
-
Size
52KB
-
MD5
70c8e3aacd2b7ff3cd744f79f44b272c
-
SHA1
eaa5fc8dffce46ac8438d4340796e6825f93bb9c
-
SHA256
1aae039ed57f58dbfb695806de0b5e9fe984f60a2905e893fad4b259856c32c0
-
SHA512
4149ceaec9d88899f70b8c2528137f7c21a50e342f9250ffab3f8ceb8e8662944a8a81d9ebf3f98c14a0d0ef41d221fe15c91f3573e9a48b6d041eda1fa419ce
-
SSDEEP
768:z9g1qrf76ICP/U41mHG7WHmb017Ah6q59O9s7xtsPdM3zthK3D1Gc:zq1qiP/UImPI017cxltsPdMOD1Gc
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
7709
C2
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
Attributes
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
4460-135-0x0000000004910000-0x000000000491D000-memory.dmp
Headers
Sections