General

  • Target

    608-56-0x0000000000240000-0x000000000024D000-memory.dmp

  • Size

    52KB

  • MD5

    8f586ddaac774a9c30742c81e425cc6d

  • SHA1

    21e8edef0cc4d4442d060735f20c399109cb4d9a

  • SHA256

    9e96757115ed0eda8d908fc357f818297ccb196bab4f3bc24c6bd64a05eb5d65

  • SHA512

    5dc57077abfa4027a52d6a4595edd8b7dce65111b1fbf9e2e6b0dc857d10b311bddda03310a0ec97d34eddd648d26be48016ea21744d17e54ced2cea1fe7e55d

  • SSDEEP

    768:8owYqFvXp4GGXm/44OTBz5qHf9qR2s6L/qgz6TWNPa5dM+6hK3D1GcQh:85YqEm/4nTBaFq0LhuCNC5dMaD1GcQ

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
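
The extracted config above is directly usable for detection. The following is an added example (not part of the sandbox report, and not code from the report's tooling) that turns the Gozi/ISFB config into a proxy-log matcher and a blocklist. It assumes two things: that ISFB client requests take the form base_path + encoded data + extension, which is the normal role of the `base_path` and `extension` fields, and that the first C2 entry, checklist.skype.com, is a Microsoft-owned hostname that ISFB configs commonly include only as a connectivity check, so it is treated as a decoy and excluded from the blocklist. The proxy log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Config values copied from the report above.
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "7715",
    "build": "250255",
    "server_id": "50",
    "base_path": "/drew/",
    "extension": ".jlk",
    "c2": [
        "checklist.skype.com",
        "62.173.142.81",
        "193.233.175.113",
        "109.248.11.184",
        "212.109.218.26",
        "185.68.93.7",
    ],
}

# Assumption (caveat): ISFB/Gozi configs commonly lead with a legitimate domain used only
# as a connectivity check. checklist.skype.com is Microsoft-owned, so it is kept out of the
# blocklist and only reported when the request URI also matches the ISFB pattern.
DECOY_HOSTS = {"checklist.skype.com"}


def build_uri_pattern(base_path, extension):
    # Assumption: ISFB requests look like base_path + encoded blob + extension;
    # the blob may itself contain slashes, so anything between the two is accepted.
    return re.compile(r"^" + re.escape(base_path) + r".+" + re.escape(extension) + r"$")


def classify_request(url, config=GOZI_CONFIG):
    """Verdict for one requested URL: 'c2-host', 'uri-pattern', 'decoy-c2-pattern' or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    uri_match = build_uri_pattern(config["base_path"], config["extension"]).match(parts.path) is not None
    if host in DECOY_HOSTS:
        # Plain hits on the decoy host are normal traffic; only the ISFB URI shape is suspicious.
        return "decoy-c2-pattern" if uri_match else None
    if host in config["c2"]:
        return "c2-host"
    if uri_match:
        # Same URI shape on an unknown host: possible C2 not yet in the extracted list.
        return "uri-pattern"
    return None


def blocklist(config=GOZI_CONFIG):
    """C2 hosts safe to block outright (decoy/legitimate hosts removed)."""
    return sorted(h for h in config["c2"] if h not in DECOY_HOSTS)


# Constructed sample proxy log (not from the report): timestamp client method url status
SAMPLE_LOG = """\
1700000001 10.0.0.5 GET http://checklist.skype.com/ 200
1700000002 10.0.0.5 GET http://62.173.142.81/drew/H8d3kLmPq2/aG9tZQ.jlk 200
1700000003 10.0.0.9 GET http://www.example.com/drew/report.pdf 200
1700000004 10.0.0.9 GET http://198.51.100.7/drew/AbCdEf/Gh.jlk 404
1700000005 10.0.0.5 POST http://193.233.175.113/drew/Z9y8x7.jlk 200
"""


def scan_log(text, config=GOZI_CONFIG):
    """Run classify_request over each log line and return the matching entries."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _method, url, _status = fields[:5]
        verdict = classify_request(url, config)
        if verdict:
            hits.append({"ts": ts, "client": client, "url": url,
                         "verdict": verdict, "botnet": config["botnet"]})
    return hits


if __name__ == "__main__":
    print("blocklist:", blocklist())
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

In the constructed log, the two requests to listed C2 addresses are flagged as `c2-host`, the request to an unlisted IP with the `/drew/...jlk` shape is flagged as `uri-pattern` (worth a look, since ISFB operators rotate hosts), and the bare request to checklist.skype.com is ignored. If your environment has no legitimate reason to see `.jlk` requests, the `uri-pattern` rule alone is a cheap hunt query.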

Signatures

Files

  • 608-56-0x0000000000240000-0x000000000024D000-memory.dmp
    .dll windows x86

