General
Target: 1104-56-0x0000000000400000-0x00000000004C6000-memory.dmp
Size: 792KB
Sample: 230307-qtshzahe91
MD5: 8325cbaebae1ae990c67dccb5b9b776f
SHA1: 82b19e93d9b76f792d2bb0d6cbd5eca1ea2a0310
SHA256: 90eab4e6b12b8dd1d4da28b14cd215f9317bab9a76ebcb526732fea0c067fc97
SHA512: 64734f34a572b9c0f699d87d260c9a68d552e3872c98133d0832e4267c5cee02b8f238f24da91035c0d4e759cfd249a6187dffaae56fac932fc25664c1bb5f11
SSDEEP: 6144:fKdJKH7l9M1bNj+0xVAjfRpqZIbZqEmlMNb:fsJKHB9M1bNi4AVcCbZUl
Behavioral task: behavioral1
Sample: 1104-56-0x0000000000400000-0x00000000004C6000-memory.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 1104-56-0x0000000000400000-0x00000000004C6000-memory.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
gozi
7710
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
Targets
Target: 1104-56-0x0000000000400000-0x00000000004C6000-memory.dmp
Score: 3/10