General
-
Target
1964-56-0x0000000000400000-0x00000000004C6000-memory.dmp
-
Size
792KB
-
Sample
230307-xl893sag6y
-
MD5
a24a00bd20913f1eb0dfe4f786c30c63
-
SHA1
c3cd48275c7bb348b45e5a9f5ea6ae9369f59099
-
SHA256
31c8625a98430416f0f964a13a28ecac7ca611b24b34278279cd9f790afa7c0c
-
SHA512
417fca558760a431b89c1c207c9f5039dccfcca53157bf263805ce7f4fa1507f69f39af41c6f7441a3d58beab17350286f98b0c4a7e3a01678a3d058e25e80bf
-
SSDEEP
6144:fKiKH7l9MGnlb5NI9ZFFneK6HrFLI4eZu:fRKHB9MGR5N6ZznebHr0Zu
Behavioral task
behavioral1
Sample
1964-56-0x0000000000400000-0x00000000004C6000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1964-56-0x0000000000400000-0x00000000004C6000-memory.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
gozi
7710
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
Target
1964-56-0x0000000000400000-0x00000000004C6000-memory.dmp
Score
3/10