General
-
Target
1984-56-0x0000000000290000-0x000000000029D000-memory.dmp
-
Size
52KB
-
MD5
d3ea1d6562827be0e13faeff8f02fcfc
-
SHA1
912607d527782dab9d7b6d3386da47bd41542e4a
-
SHA256
888ad42df2f82e2a9ff4130245c0cc999f9ef7308a4a70d3209dca20ddd420b4
-
SHA512
341c23b59713692dbcef0ae76120c724039604562ec3d32ab33bdc7daf878e979504564660081e461d471476a22ea749f6827fcf9f14a1c8bc60a2b119fa5588
-
SSDEEP
768:YtDwRqjPvqQmr/c4ZqymHCs9azaU1zKxEx5kd76dMhhK3D1Gc4d:Yt0RqCr/csqr798hx5kB6dMeD1Gc4d
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
7710
C2
checklist.skype.com
62.173.140.103
31.41.44.63
46.8.19.239
185.77.96.40
46.8.19.116
31.41.44.48
62.173.139.11
62.173.138.251
Attributes
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
1984-56-0x0000000000290000-0x000000000029D000-memory.dmp
Headers
Sections