General
-
Target
1684-135-0x0000000004960000-0x000000000496D000-memory.dmp
-
Size
52KB
-
MD5
738542992b04be6ecc0934b1f7511365
-
SHA1
c4002ff3e40f840da1ee3dd263adc7fee2442f49
-
SHA256
6b1d4bc91dc465cb392d1acfc219b1d7306b12df3c2a488bb775253b2d1c3d82
-
SHA512
5af235d634200e8dc54c638cd760bf459f7ceb2227d4ec2b6748fa701e8e95e09764b159cdd6ea8b67655f5547289de8bc082ef9d3a318f6e7d3df04c68904a5
-
SSDEEP
768:5hIk6qFnq/qGRM/84QbDjKHbp/891yCHK9BgY44EOGdMlhK3D1Gc:5r6qcXM/8VboB8zMJ44EvdMSD1Gc
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
7709
C2
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
Attributes
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
1684-135-0x0000000004960000-0x000000000496D000-memory.dmp
Headers
Sections