General

  • Target

    3588-135-0x0000000004860000-0x000000000486D000-memory.dmp

  • Size

    52KB

  • MD5

    c13edd4b1a49b29ab96b44cd49e502be

  • SHA1

    ac2a7960b0d91254e615cd822a5ff8e7ec7ddb40

  • SHA256

    5422457ab782f21e998e40cf17d4ecf198a1b067c90e1577b0c87868c50253dc

  • SHA512

    d3b8306607089d67eb0064459755535259969e5c5a6102156a7ad1b72cd919878305a5d406436cdb6571d19e75a9d02d3e815c52da54dfbe91ed7c3f824f9aae

  • SSDEEP

    768:DaEKqFHsqGhc/c4ArACKH1vinX3Sga9xQ4ooEZdMFhK3D1Gch:D7Kqcc/cFrA/hMXopooEZdMyD1Gc

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7714

C2

checklist.skype.com

5.44.43.17

31.41.44.108

62.173.138.213

109.248.11.174

Note: checklist.skype.com is a legitimate Skype/Microsoft hostname that Gozi configs commonly carry as a connectivity check alongside the real servers; do not block it on the strength of this report. The four IP addresses are the actionable C2 indicators.

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
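The extracted config above is what an analyst turns into checks: confirm the dump you obtained is the one the report hashed, separate the actionable C2 addresses from the connectivity-check hostname, and derive a URL pattern from base_path and extension. The script below is an added example and not part of the sandbox report; the hash and config constants are copied from the report, while the decoy set and the assumption that the loader requests `<c2><base_path><encoded blob><extension>` (with the blob possibly containing slashes) are analyst assumptions. The sample URLs in the `__main__` block are constructed, not observed traffic.

```python
"""Checks derived from the Gozi loader config and hashes reported above.

Added example, not part of the sandbox report. Report values are copied
verbatim; ASSUMED_DECOYS and the URI shape in build_uri_regex are assumptions.
"""
import hashlib
import ipaddress
import re

# Hashes as recorded in the report for the 52KB memory dump.
REPORTED_HASHES = {
    "md5": "c13edd4b1a49b29ab96b44cd49e502be",
    "sha1": "ac2a7960b0d91254e615cd822a5ff8e7ec7ddb40",
    "sha256": "5422457ab782f21e998e40cf17d4ecf198a1b067c90e1577b0c87868c50253dc",
}

# Extracted config as listed in the report.
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "7714",
    "build": "250255",
    "server_id": "50",
    "c2": [
        "checklist.skype.com",
        "5.44.43.17",
        "31.41.44.108",
        "62.173.138.213",
        "109.248.11.174",
    ],
    "base_path": "/drew/",
    "extension": ".jlk",
}

# Assumption: legitimate hostnames that Gozi configs carry as connectivity
# checks. Keep them out of blocklists; review before relying on this set.
ASSUMED_DECOYS = {"checklist.skype.com"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file on disk (the dump, once you have it)."""
    with open(path, "rb") as fh:
        return hash_bytes(fh.read())


def verify_hashes(observed: dict, reported: dict) -> dict:
    """Per-algorithm match map. Any False means the file in hand is not the
    sample this report describes. Digest case is ignored."""
    return {
        algo: observed.get(algo, "").lower() == digest.lower()
        for algo, digest in reported.items()
    }


def split_c2(entries, decoys=ASSUMED_DECOYS) -> dict:
    """Sort C2 entries into IP addresses, hostnames and assumed decoys."""
    out = {"ips": [], "hosts": [], "decoys": []}
    for entry in entries:
        if entry in decoys:
            out["decoys"].append(entry)
            continue
        try:
            ipaddress.ip_address(entry)
            out["ips"].append(entry)
        except ValueError:
            out["hosts"].append(entry)
    return out


def build_uri_regex(config: dict) -> re.Pattern:
    """Regex for loader check-in URLs to any listed C2.

    Assumed URI shape: <c2><base_path><encoded blob, may contain '/'><extension>.
    The report only gives base_path and extension, so the blob is matched
    loosely (anything up to a query string or fragment)."""
    hosts = "|".join(re.escape(h) for h in config["c2"])
    path = re.escape(config["base_path"])
    ext = re.escape(config["extension"])
    return re.compile(
        rf"^https?://(?:{hosts})(?::\d+)?{path}[^?#]+{ext}(?:[?#].*)?$",
        re.IGNORECASE,
    )


def matches_loader_uri(url: str, pattern: re.Pattern = None) -> bool:
    """True if a URL (e.g. from a proxy log) fits the derived loader pattern."""
    pattern = pattern or build_uri_regex(GOZI_CONFIG)
    return pattern.match(url) is not None


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the report or from real traffic.
    for url in [
        "http://31.41.44.108/drew/4Zq8L1/ab2C.jlk",
        "https://109.248.11.174/drew/x.jlk?d=1",
        "http://31.41.44.108/other/x.jlk",
        "http://example.com/drew/x.jlk",
    ]:
        print(matches_loader_uri(url), url)
    print(split_c2(GOZI_CONFIG["c2"]))
```

Run `verify_hashes(hash_file("path/to/dump"), REPORTED_HASHES)` against the dump before doing anything else with it; a mismatch on any algorithm means the artifact is not the one analysed here. The URI regex is deliberately loose on the encoded blob, so treat it as a hunting query to review, not a blocking rule.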

Signatures

Files

  • 3588-135-0x0000000004860000-0x000000000486D000-memory.dmp (.dll, windows, x86)