General
-
Target
1376-56-0x0000000000400000-0x00000000004C9000-memory.dmp
-
Size
804KB
-
Sample
230309-rxvm6scg89
-
MD5
c83930d0f01b1c204bcd1ef052413557
-
SHA1
a9c04e613ddd41d81078067fd763ff948654d8cc
-
SHA256
95e2661ee24bd59c3ae734e00b2e708f26f799a7d3c1194e672c3554a8a24f8a
-
SHA512
4062166499cb904ea4e8d5b54dc9f1b6afc0475c592dac4fce6b7f7547abb76ccf2631886331b8033dae938059c026d91bad245c9c79ceaafe0ebd155b2f608d
-
SSDEEP
3072:CfKLgNoVUE3HnuN+IGEwG9u0aa17HQHpkCy9RygWamjokspq+Hz:cKLgOVUuO2guje7gaCy9RygdmjopUO
Behavioral task
behavioral1
Sample
1376-56-0x0000000000400000-0x00000000004C9000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1376-56-0x0000000000400000-0x00000000004C9000-memory.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
7712
checklist.skype.com
62.173.141.36
31.41.44.85
193.233.175.98
46.8.210.110
89.116.227.49
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1376-56-0x0000000000400000-0x00000000004C9000-memory.dmp
-
Size
804KB
-
MD5
c83930d0f01b1c204bcd1ef052413557
-
SHA1
a9c04e613ddd41d81078067fd763ff948654d8cc
-
SHA256
95e2661ee24bd59c3ae734e00b2e708f26f799a7d3c1194e672c3554a8a24f8a
-
SHA512
4062166499cb904ea4e8d5b54dc9f1b6afc0475c592dac4fce6b7f7547abb76ccf2631886331b8033dae938059c026d91bad245c9c79ceaafe0ebd155b2f608d
-
SSDEEP
3072:CfKLgNoVUE3HnuN+IGEwG9u0aa17HQHpkCy9RygWamjokspq+Hz:cKLgOVUuO2guje7gaCy9RygdmjopUO
Score3/10 -