General

  • Target

    4780-138-0x0000000000400000-0x00000000004DB000-memory.dmp

  • Size

    876KB

  • Sample

    230322-kcvn4sfg37

  • MD5

    375bfdff95f8f700fd1b252df9aa0470

  • SHA1

    d6352724666d2a8deb42595458f62a5fb7e0da22

  • SHA256

    7deabf62844a3ef759e09c17cb318723875a040326824ff52871e74f75ba0fa2

  • SHA512

    95ead917a2471185db58747ef4ea3f1adb42699a8a9bc451461a18d2bcb5388c12fafa3406c3564bc4ce88c5970721534b803f25732bdbe7c104047e330ae1d7

  • SSDEEP

    3072:VfKkpVNoVUE3HnyZRhkNfAW4Lo04JyVnlT8M43xqwcnUi6JIUjixCdgwn0F:RKkpVOVUuSD2ndQVlTa3xB0UX

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      4780-138-0x0000000000400000-0x00000000004DB000-memory.dmp

    • Size

      876KB

    • MD5

      375bfdff95f8f700fd1b252df9aa0470

    • SHA1

      d6352724666d2a8deb42595458f62a5fb7e0da22

    • SHA256

      7deabf62844a3ef759e09c17cb318723875a040326824ff52871e74f75ba0fa2

    • SHA512

      95ead917a2471185db58747ef4ea3f1adb42699a8a9bc451461a18d2bcb5388c12fafa3406c3564bc4ce88c5970721534b803f25732bdbe7c104047e330ae1d7

    • SSDEEP

      3072:VfKkpVNoVUE3HnyZRhkNfAW4Lo04JyVnlT8M43xqwcnUi6JIUjixCdgwn0F:RKkpVOVUuSD2ndQVlTa3xB0UX

    Score
    3/10

MITRE ATT&CK Matrix

Tasks