General

  • Target

    1636-56-0x0000000000400000-0x00000000004DB000-memory.dmp

  • Size

    876KB

  • Sample

    230322-m4yk7aad2v

  • MD5

    6f5f11bcdda2728c39dd34c417496920

  • SHA1

    b10961f87a57f3b5e49f64f61225fce566529769

  • SHA256

    7605d15924cab786445906480acef39d27c2cec5529aac50ff3667692d746bcc

  • SHA512

    e76f6c23fc79508dc376800fd7d8d4af89145ea21582f6922312d7bd9cc4d197bcd0e0f450a5022457d1a1bbcd8e651ef77da995b23837d5899f348ba62f1f81

  • SSDEEP

    3072:VfKcVNoVUE3HnP5grnmTvA0F9q9aM+j/sVDIMpXBWiZiOJxgwn0F:RKcVOVUuvimvF9/bj/sJIEBWiZx

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2


Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1636-56-0x0000000000400000-0x00000000004DB000-memory.dmp

    • Size

      876KB

    • MD5

      6f5f11bcdda2728c39dd34c417496920

    • SHA1

      b10961f87a57f3b5e49f64f61225fce566529769

    • SHA256

      7605d15924cab786445906480acef39d27c2cec5529aac50ff3667692d746bcc

    • SHA512

      e76f6c23fc79508dc376800fd7d8d4af89145ea21582f6922312d7bd9cc4d197bcd0e0f450a5022457d1a1bbcd8e651ef77da995b23837d5899f348ba62f1f81

    • SSDEEP

      3072:VfKcVNoVUE3HnP5grnmTvA0F9q9aM+j/sVDIMpXBWiZiOJxgwn0F:RKcVOVUuvimvF9/bj/sJIEBWiZx

    Score
    3/10

MITRE ATT&CK Matrix

Tasks