General

  • Target

    1692-56-0x00000000002E0000-0x00000000002ED000-memory.dmp

  • Size

    52KB

  • MD5

    c99ea6ae6e39fe9ad061fc5264d86cf2

  • SHA1

    2dfec3524769d8ddfec425addacb2e78dc57d6f2

  • SHA256

    aeeec37a1593bb5996131adb7b339d0104d06d8e17090101414f9afd8456fcad

  • SHA512

    834bf9bbbb59cadcebafd7a5fb9c0951b0d85eae2b1e2f3a467e907cea6effa69b60d840649dd3a56f4f4ba156dd1740c81559a2343409a66183aff282fc0e1e

  • SSDEEP

    768:qOVs+qVvz8MvWtA/E4E/LaHJjAAMyw4NMI8szShtdM4WhK3D1Gc0d:qO2+qUA/EJ/8BAAHJ8s8tdM4LD1Gc0d

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Signatures

Files

  • 1692-56-0x00000000002E0000-0x00000000002ED000-memory.dmp
    .dll windows x86
