General

  • Target

    2560-135-0x00000000006B0000-0x00000000006BD000-memory.dmp

  • Size

    52KB

  • Sample

    230322-kpqwpafh33

  • MD5

    19f6ae3c65b60dcfc9c6bb4dcdfd7df1

  • SHA1

    7c773c455a1b8c493748fc080dddf845ad244618

  • SHA256

    52de820bdf87558e54aa7f4490be1782959dcc89a30f551c1bcc7d9738740e39

  • SHA512

    55b5f2198268442fc08bd428b57998e09e45a0ea5ad0c7e9e4604ba9c6527c1d2d5c4f75482ff7e8141aabe44e1e257111abe9480256715cc1d62243dcdd2d15

  • SSDEEP

    768:wHcnq3+4xmsEF/I4/cAGHcqT8+3ypw7UPbXdiBdMhhK3D1Gc0B:w8nqO7F/IecVrTEpPbXwBdMeD1GcM

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7715

  • C2

    checklist.skype.com
    62.173.142.50
    31.41.44.87
    109.248.11.217
    212.109.218.151
    5.44.45.83
    62.173.142.81
    193.233.175.113
    109.248.11.184
    212.109.218.26
    185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
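The extracted config gives a practitioner three things to hunt on: the C2 host list, the base_path (/drew/) and the URL extension (.jlk) that the loader appends to its beacon paths. The script below is an added example by the editor, not part of the sandbox report: it takes those indicators and runs them over constructed web-proxy log lines in the form "timestamp client url status" (an assumed layout, not a real product's format). It scores a hit on a listed host combined with the /drew/...jlk URL shape highest, the URL shape on an unlisted host as medium, and treats checklist.skype.com on its own as weak evidence, since it is a legitimate Microsoft hostname that Gozi configs routinely carry alongside the real C2 addresses (that assessment is the editor's, not stated by the report).

```python
"""Hunt for the Gozi C2 indicators from the extracted config in proxy logs."""
from urllib.parse import urlsplit

# Indicators copied from the extracted config above.
C2_HOSTS = {
    "checklist.skype.com",
    "62.173.142.50", "31.41.44.87", "109.248.11.217", "212.109.218.151",
    "5.44.45.83", "62.173.142.81", "193.233.175.113", "109.248.11.184",
    "212.109.218.26", "185.68.93.7",
}
BASE_PATH = "/drew/"   # base_path attribute
EXTENSION = ".jlk"     # extension attribute

# Editor's assumption: legitimate hostnames that Gozi configs carry alongside
# real C2s; a hit on one of these by itself is weak evidence.
WEAK_HOSTS = {"checklist.skype.com"}


def classify(url):
    """Return (severity, reason) for one requested URL, or None if clean."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    host_hit = host in C2_HOSTS
    # The loader's beacon path starts with base_path and ends with extension;
    # anything may sit in between, so only the ends are checked.
    path_hit = path.startswith(BASE_PATH) and path.endswith(EXTENSION)
    if host_hit and path_hit:
        return ("high", f"C2 host {host} with Gozi URL shape {BASE_PATH}*{EXTENSION}")
    if path_hit:
        return ("medium", f"Gozi URL shape {BASE_PATH}*{EXTENSION} on unlisted host {host}")
    if host_hit and host in WEAK_HOSTS:
        return ("low", f"{host} is in the config but is a legitimate hostname; verify")
    if host_hit:
        return ("high", f"C2 host {host}")
    return None


def scan(lines):
    """Parse 'timestamp client url status' lines and return the flagged ones."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash mid-hunt
        ts, client, url = fields[0], fields[1], fields[2]
        verdict = classify(url)
        if verdict:
            hits.append((ts, client, url, *verdict))
    return hits


# Constructed sample proxy lines; these are not from the sandbox report.
SAMPLE_LOG = [
    "2023-03-22T10:01:02Z 10.0.0.5 http://checklist.skype.com/ 200",
    "2023-03-22T10:01:05Z 10.0.0.5 http://62.173.142.50/drew/abc123.jlk 200",
    "2023-03-22T10:01:09Z 10.0.0.5 http://198.51.100.7/drew/xyz.jlk 404",
    "2023-03-22T10:02:00Z 10.0.0.6 http://example.com/index.html 200",
    "2023-03-22T10:02:30Z 10.0.0.6 http://185.68.93.7/ 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Run it against real proxy or DNS exports after adapting the field positions in scan(); the host and path checks in classify() are independent of the log layout. Block the IP addresses and the /drew/*.jlk pattern first, and confirm the skype hostname is being contacted by the loader before blocking it, since it is legitimate traffic for many hosts.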

Targets

    • Target

      2560-135-0x00000000006B0000-0x00000000006BD000-memory.dmp

    • Size

      52KB

    • MD5

      19f6ae3c65b60dcfc9c6bb4dcdfd7df1

    • SHA1

      7c773c455a1b8c493748fc080dddf845ad244618

    • SHA256

      52de820bdf87558e54aa7f4490be1782959dcc89a30f551c1bcc7d9738740e39

    • SHA512

      55b5f2198268442fc08bd428b57998e09e45a0ea5ad0c7e9e4604ba9c6527c1d2d5c4f75482ff7e8141aabe44e1e257111abe9480256715cc1d62243dcdd2d15

    • SSDEEP

      768:wHcnq3+4xmsEF/I4/cAGHcqT8+3ypw7UPbXdiBdMhhK3D1Gc0B:w8nqO7F/IecVrTEpPbXwBdMeD1GcM

    Score
    3/10
