General

  • Target

    216-135-0x0000000004A60000-0x0000000004A6D000-memory.dmp

  • Size

    52KB

  • MD5

    6fbc263061626bd783f5fe960af1fd9f

  • SHA1

    c917c861eb7f34b56dd53d028c18cf59143ea9e4

  • SHA256

    2f7187b07096737af11273861277e3e27ae9b154f508e3ee9751e96d88f08217

  • SHA512

    431a33d6b0be93cfc480c9b2f6bc44a17924b39bae4a66b03858cee2f1b8a46cb625e916e3a38c41007822fc4e57ace9122ec773dae6b430ea3b6e62923aa12c

  • SSDEEP

    768:G6EqqFV5MqGB8/c4gLXHKHVPsHYpg69Rw4IIEr5dMFhK3D1Gc4d:Gbqqc8/clLXIhs4TpIIEddMyD1Gc4d

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7710

C2


Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

Files

  • 216-135-0x0000000004A60000-0x0000000004A6D000-memory.dmp
    .dll windows x86
