General

  • Target

    4780-135-0x0000000002270000-0x000000000227D000-memory.dmp

  • Size

    52KB

  • Sample

    230322-j9danahf7t

  • MD5

    ac5a7c0f68a2a58c5fc5d2ba3d1323f2

  • SHA1

    ca0c24112482ea2f75f4400d5f5659254357d5ac

  • SHA256

    ca424831b85af38a479c967f623c2c57ed8535c335e4bfe73c07204556ad5bc3

  • SHA512

    fc0e99bf54693281d960ae62000508d231bd6d94e555930377af2767a4e67eb46fad8b07f5b7b57d386be21f33655c16357e7f3e9309a53c8633e2bc7df57aa5

  • SSDEEP

    768:4x8hq/TnCr82X/I45mvKtyHS0VYrS+1DyZIft1bczdMxhK3D1Gc0B:4yhquVX/IQmvT3VQBft1YzdMOD1GcM

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      4780-135-0x0000000002270000-0x000000000227D000-memory.dmp

    • Size

      52KB

    • MD5

      ac5a7c0f68a2a58c5fc5d2ba3d1323f2

    • SHA1

      ca0c24112482ea2f75f4400d5f5659254357d5ac

    • SHA256

      ca424831b85af38a479c967f623c2c57ed8535c335e4bfe73c07204556ad5bc3

    • SHA512

      fc0e99bf54693281d960ae62000508d231bd6d94e555930377af2767a4e67eb46fad8b07f5b7b57d386be21f33655c16357e7f3e9309a53c8633e2bc7df57aa5

    • SSDEEP

      768:4x8hq/TnCr82X/I45mvKtyHS0VYrS+1DyZIft1bczdMxhK3D1Gc0B:4yhquVX/IQmvT3VQBft1YzdMOD1GcM

    Score
    3/10

MITRE ATT&CK Matrix

Tasks