General

  • Target

    2824-135-0x00000000021A0000-0x00000000021AD000-memory.dmp

  • Size

    52KB

  • MD5

    00fcf7ce9262fce3a3d2ab24bdc41d6e

  • SHA1

    1aff681606961d624f0b9b362ec4d1fec290108f

  • SHA256

    839c6f5fd1d023559d9c57cdec8a2967081256500043646c9d5140e31047b22b

  • SHA512

    0f6597cd0d20b4654fcfd7fab9beb7266412a0ef50016a46da10c52540c428ff079bd7d61e1350fa4ecbb71c5f0b0483a53afe6ff69aa2a5f386013999472a83

  • SSDEEP

    768:5UUQAqFLCRdx66l3a/I4SG2V+HXl6sQ6EeTiQAVOcsdMhhK3D1Gc:W1AqQDa/Iv5W16QdAVOcsdMeD1Gc

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 2824-135-0x00000000021A0000-0x00000000021AD000-memory.dmp
    .dll windows x86