General
-
Target
4780-138-0x0000000000400000-0x00000000004DB000-memory.dmp
-
Size
876KB
-
Sample
230322-kcvn4sfg37
-
MD5
375bfdff95f8f700fd1b252df9aa0470
-
SHA1
d6352724666d2a8deb42595458f62a5fb7e0da22
-
SHA256
7deabf62844a3ef759e09c17cb318723875a040326824ff52871e74f75ba0fa2
-
SHA512
95ead917a2471185db58747ef4ea3f1adb42699a8a9bc451461a18d2bcb5388c12fafa3406c3564bc4ce88c5970721534b803f25732bdbe7c104047e330ae1d7
-
SSDEEP
3072:VfKkpVNoVUE3HnyZRhkNfAW4Lo04JyVnlT8M43xqwcnUi6JIUjixCdgwn0F:RKkpVOVUuSD2ndQVlTa3xB0UX
Behavioral task
behavioral1
Sample
4780-138-0x0000000000400000-0x00000000004DB000-memory.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
4780-138-0x0000000000400000-0x00000000004DB000-memory.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
7715
checklist.skype.com
62.173.142.50
31.41.44.87
109.248.11.217
212.109.218.151
5.44.45.83
62.173.142.81
193.233.175.113
109.248.11.184
212.109.218.26
185.68.93.7
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
4780-138-0x0000000000400000-0x00000000004DB000-memory.dmp
-
Size
876KB
-
MD5
375bfdff95f8f700fd1b252df9aa0470
-
SHA1
d6352724666d2a8deb42595458f62a5fb7e0da22
-
SHA256
7deabf62844a3ef759e09c17cb318723875a040326824ff52871e74f75ba0fa2
-
SHA512
95ead917a2471185db58747ef4ea3f1adb42699a8a9bc451461a18d2bcb5388c12fafa3406c3564bc4ce88c5970721534b803f25732bdbe7c104047e330ae1d7
-
SSDEEP
3072:VfKkpVNoVUE3HnyZRhkNfAW4Lo04JyVnlT8M43xqwcnUi6JIUjixCdgwn0F:RKkpVOVUuSD2ndQVlTa3xB0UX
Score3/10 -