General

  • Target

    1104-56-0x0000000000400000-0x00000000004C6000-memory.dmp

  • Size

    792KB

  • Sample

    230307-qtshzahe91

  • MD5

    8325cbaebae1ae990c67dccb5b9b776f

  • SHA1

    82b19e93d9b76f792d2bb0d6cbd5eca1ea2a0310

  • SHA256

    90eab4e6b12b8dd1d4da28b14cd215f9317bab9a76ebcb526732fea0c067fc97

  • SHA512

    64734f34a572b9c0f699d87d260c9a68d552e3872c98133d0832e4267c5cee02b8f238f24da91035c0d4e759cfd249a6187dffaae56fac932fc25664c1bb5f11

  • SSDEEP

    6144:fKdJKH7l9M1bNj+0xVAjfRpqZIbZqEmlMNb:fsJKHB9M1bNi4AVcCbZUl

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7710

C2

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1104-56-0x0000000000400000-0x00000000004C6000-memory.dmp

    Score
    3/10
