General

  • Target

    1400-56-0x00000000002C0000-0x00000000002CD000-memory.dmp

  • Size

    52KB

  • MD5

    e236b540aa8c0ac9310605b18056d849

  • SHA1

    512bbbe5e2fe5904e47523786af487c83adf97ef

  • SHA256

    ec1869fde0fee809e373f6f45b5e110b9cd0c55ad33507383ab39bfb4076fffa

  • SHA512

    aff44712f3aa0080950d5f3731a376bd372e750471b8a89b9ddcb5837aebf3e0a4de76c3adf7a5ca2271e7c1e3718a596cae258838579b0656d03b663e260f46

  • SSDEEP

    1536:1xQq9uu/oEkb1LOVSxM5hm6IadMKD1Gc:wqje1iVSxMu0dMU1G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7712

  • C2

    checklist.skype.com
    62.173.140.236
    31.41.44.92
    46.8.210.143
    45.128.185.33

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1400-56-0x00000000002C0000-0x00000000002CD000-memory.dmp
    .dll windows x86
