General

  • Target

    116-135-0x0000000000400000-0x000000000044C000-memory.dmp

  • Size

    304KB

  • Sample

    230308-j1jq3seg67

  • MD5

    bf175ce6670efde3ff728cdd383548a2

  • SHA1

    82120c7de9ff17ce36c94bdfdf08852c4d6a3415

  • SHA256

    492a6c4884447150cfc6158613575e0b925ae9c9ac5727490f470e0149816c8a

  • SHA512

    1777d6c476f5086dfa0d2985dcad3b1b5f04b0826e58e2ca10b3deae43e716917b2f028bc2169fdd7143b06711fc490da9b0be103e2e721ca02790f4e4a6f97a

  • SSDEEP

    3072:VfK2rNoVUE3Hn5PcN6ugTCIKmO8YUAWDE/Rp9WgFGH52c:RK2rOVUuGNYDlO8YI4Zp9Wq

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7711

  • C2

    checklist.skype.com
    62.173.138.6
    89.117.37.146
    46.8.210.82
    89.116.227.15
    31.41.44.51

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      116-135-0x0000000000400000-0x000000000044C000-memory.dmp

    • Size

      304KB

    • MD5

      bf175ce6670efde3ff728cdd383548a2

    • SHA1

      82120c7de9ff17ce36c94bdfdf08852c4d6a3415

    • SHA256

      492a6c4884447150cfc6158613575e0b925ae9c9ac5727490f470e0149816c8a

    • SHA512

      1777d6c476f5086dfa0d2985dcad3b1b5f04b0826e58e2ca10b3deae43e716917b2f028bc2169fdd7143b06711fc490da9b0be103e2e721ca02790f4e4a6f97a

    • SSDEEP

      3072:VfK2rNoVUE3Hn5PcN6ugTCIKmO8YUAWDE/Rp9WgFGH52c:RK2rOVUuGNYDlO8YI4Zp9Wq

    Score
    3/10

MITRE ATT&CK Matrix

Tasks