General
-
Target
836-135-0x0000000002360000-0x000000000236D000-memory.dmp
-
Size
52KB
-
MD5
070e30a0f8c824d4955741ec95c30688
-
SHA1
be389deb3388210d358c11352047fa0520f27ffc
-
SHA256
9faeb03994d385698007b7c254bb45c188f25ab4e05511feb750aef0750c4a39
-
SHA512
b3da8051986701f3defa062615e3e071e489592c7cfead202b18dd3b41b2e7e64f5ea0d92e92ca7744244ccfca04136ae4ab8b2a1242e554d0ff91a2c2a26afb
-
SSDEEP
768:NIQkq1LmmG7O/I46hNZWH7Ju88qUa3GgqSFqwdMRhK3D1GcS:N5kqwO/IVhNiduI9qSMwdMuD1Gc
Score
10/10
Malware Config
Extracted
Family
gozi
Botnet
7712
C2
checklist.skype.com
62.173.140.236
31.41.44.92
46.8.210.143
45.128.185.33
Attributes
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
Files
-
836-135-0x0000000002360000-0x000000000236D000-memory.dmp
Headers
Sections