General

  • Target

    1732-59-0x00000000001E0000-0x00000000001EE000-memory.dmp

  • Size

    56KB

  • Sample

    230309-lhs8xabg23

  • MD5

    74e208b4ca8e58e086b5e10c575088ac

  • SHA1

    b359c2cf4246637bfb1e3921c5a1650ba6becd5a

  • SHA256

    1f90b484c4fd102a3de4ef12ee94d3b6b7fbe2aec32597fe8758f1137f990ecc

  • SHA512

    1bfeb6ec82ef84800aee3811be4a032043098d27f08126e46c84d4dc6813ee4363501eea0d2914aec9880a1d32c63a9c209a4dfafdd10fc15058883fe3ba7e61

  • SSDEEP

    768:A2KWv+A0ERrvtyC5PLHBjderMpEvpZi7/kMPWq9aky77XTm9:MWvF0ERZd5zHzeApsnI/eZDLI

Score
10/10

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    https://config.edge.skype.com
    157.254.195.117
    91.215.85.151

Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain
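The extracted config above is the part of this report a defender can act on. The following Python is an added example, not part of the sandbox report, that turns those indicators into a proxy-log check. It copies the two C2 IPs, the C2 hostname, base_path (/jerry/) and extension (.bob) from the Malware Config section; the log format and the log lines themselves are constructed for illustration. One caveat matters: config.edge.skype.com is a Microsoft-owned hostname that ordinary Skype and Teams clients contact, so the check only treats traffic to it as suspicious when the request path also follows the configured base_path/extension shape, while any contact with the two listed IPs is reported on its own.

```python
"""Match web-proxy log lines against the Gozi C2 indicators in this report.

Added example, not part of the original sandbox report. Indicators are copied
from the "Malware Config" section; the log format and log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Indicators taken from the report's extracted config.
C2_IPS = {"157.254.195.117", "91.215.85.151"}
C2_HOST = "config.edge.skype.com"   # Microsoft-owned host: only match together with the URI shape
BASE_PATH = "/jerry/"               # base_path attribute
EXTENSION = ".bob"                  # extension attribute

# Constructed proxy log lines (assumed format: "<ts> <src_ip> <method> <url> <status>").
SAMPLE_LOG = """\
2023-03-09T10:01:02Z 10.0.0.15 GET https://config.edge.skype.com/config/v1/Skype/908_1.0.0.0/ 200
2023-03-09T10:01:07Z 10.0.0.15 GET http://157.254.195.117/jerry/aXYz_12/QmFzZTY0.bob 200
2023-03-09T10:01:09Z 10.0.0.15 GET https://config.edge.skype.com/jerry/s0me_p4th/data.bob 200
2023-03-09T10:02:00Z 10.0.0.22 GET https://www.example.com/index.html 200
2023-03-09T10:02:30Z 10.0.0.22 POST http://91.215.85.151/jerry/upload/images/1.bob 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    url: str
    confidence: str   # "high" (listed C2 IP) or "medium" (legit host + Gozi URI shape)
    reason: str


def gozi_uri_pattern(path: str) -> bool:
    """True when the request path is base_path + <something> + extension."""
    return (
        path.startswith(BASE_PATH)
        and path.endswith(EXTENSION)
        and len(path) > len(BASE_PATH) + len(EXTENSION)
    )


def classify(url: str) -> Optional[tuple[str, str]]:
    """Return (confidence, reason) for a URL that matches the report's indicators, else None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    uri_match = gozi_uri_pattern(parts.path)
    if host in C2_IPS:
        # Any contact with a listed C2 IP is reportable; the URI shape adds corroboration.
        return ("high", "c2_ip" + ("+uri" if uri_match else ""))
    if host == C2_HOST and uri_match:
        # Legitimate Microsoft host: alert only when the Gozi URI shape is present,
        # otherwise normal Skype/Teams config traffic would fire the rule.
        return ("medium", "decoy_host+uri")
    return None


def scan(log_text: str) -> list[Hit]:
    """Run classify() over every well-formed log line and collect the hits in order."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue   # skip lines that do not fit the assumed format
        verdict = classify(m["url"])
        if verdict:
            hits.append(Hit(m["ts"], m["src"], m["url"], *verdict))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h.confidence, h.reason, h.src, h.url)
```

Run against the constructed log, the plain Skype configuration request and the example.com request produce nothing, the two requests to the listed IPs are reported as high confidence, and the request to config.edge.skype.com is reported only because its path sits under /jerry/ and ends in .bob. Real proxy logs will need the regular expression adjusted to their field order.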

Targets

    • Target

      1732-59-0x00000000001E0000-0x00000000001EE000-memory.dmp

    • Size

      56KB

    • MD5

      74e208b4ca8e58e086b5e10c575088ac

    • SHA1

      b359c2cf4246637bfb1e3921c5a1650ba6becd5a

    • SHA256

      1f90b484c4fd102a3de4ef12ee94d3b6b7fbe2aec32597fe8758f1137f990ecc

    • SHA512

      1bfeb6ec82ef84800aee3811be4a032043098d27f08126e46c84d4dc6813ee4363501eea0d2914aec9880a1d32c63a9c209a4dfafdd10fc15058883fe3ba7e61

    • SSDEEP

      768:A2KWv+A0ERrvtyC5PLHBjderMpEvpZi7/kMPWq9aky77XTm9:MWvF0ERZd5zHzeApsnI/eZDLI

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks