General

  • Target

    1376-56-0x0000000000400000-0x00000000004C9000-memory.dmp

  • Size

    804KB

  • Sample

    230309-rxvm6scg89

  • MD5

    c83930d0f01b1c204bcd1ef052413557

  • SHA1

    a9c04e613ddd41d81078067fd763ff948654d8cc

  • SHA256

    95e2661ee24bd59c3ae734e00b2e708f26f799a7d3c1194e672c3554a8a24f8a

  • SHA512

    4062166499cb904ea4e8d5b54dc9f1b6afc0475c592dac4fce6b7f7547abb76ccf2631886331b8033dae938059c026d91bad245c9c79ceaafe0ebd155b2f608d

  • SSDEEP

    3072:CfKLgNoVUE3HnuN+IGEwG9u0aa17HQHpkCy9RygWamjokspq+Hz:cKLgOVUuO2guje7gaCy9RygdmjopUO

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7712

C2

checklist.skype.com

62.173.141.36

31.41.44.85

193.233.175.98

46.8.210.110

89.116.227.49

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1376-56-0x0000000000400000-0x00000000004C9000-memory.dmp

    • Size

      804KB

    • MD5

      c83930d0f01b1c204bcd1ef052413557

    • SHA1

      a9c04e613ddd41d81078067fd763ff948654d8cc

    • SHA256

      95e2661ee24bd59c3ae734e00b2e708f26f799a7d3c1194e672c3554a8a24f8a

    • SHA512

      4062166499cb904ea4e8d5b54dc9f1b6afc0475c592dac4fce6b7f7547abb76ccf2631886331b8033dae938059c026d91bad245c9c79ceaafe0ebd155b2f608d

    • SSDEEP

      3072:CfKLgNoVUE3HnuN+IGEwG9u0aa17HQHpkCy9RygWamjokspq+Hz:cKLgOVUuO2guje7gaCy9RygdmjopUO

    Score
    3/10

MITRE ATT&CK Matrix

Tasks