General
-
Target
1308-56-0x0000000000400000-0x00000000004DB000-memory.dmp
-
Size
876KB
-
Sample
230322-j8fdmaff94
-
MD5
9603d6cbacf9a3027c67fb71883bf9a1
-
SHA1
703f1937a33c8204820ed6cb986e779c3bc39939
-
SHA256
74a54180c49f510f135e03724d4914c1a89e3177d4cd412cdd3caf22f5665d1d
-
SHA512
50eb0609de262a27f730797e5bc0635561e7eb6d45760d720576328e3d0e5af7038dec2c5aa85fa9a15b9647a0d628cb42160b17ec1f4726d5478a03b396481c
-
SSDEEP
3072:VfKdVNoVUE3HnP5grnmTvAnF9q9aM+j/sVDIMpXBWiZo9Jxgwn0F:RKdVOVUuvimwF9/bj/sJIEBWiYx
Behavioral task
behavioral1
Sample
1308-56-0x0000000000400000-0x00000000004DB000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1308-56-0x0000000000400000-0x00000000004DB000-memory.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
gozi
7715
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1308-56-0x0000000000400000-0x00000000004DB000-memory.dmp
-
Size
876KB
Score 3/10