Overview

overview

10

Static

static

10

1948-58-0x...ry.dll

windows7-x64

1

1948-58-0x...ry.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1948-58-0x00000000001B0000-0x00000000001BE000-memory.dmp

  • Size

    56KB

  • MD5

    08278066df7dc689cc6d3ef624c77050

  • SHA1

    4cf3ced74e6dc2bd4db5d3bd544b29fb9bf5a360

  • SHA256

    f7b6199ed4790e1eed6a53f47ddeb50619251dd96b9d981e0f7ccea468c8b482

  • SHA512

    4c6b5fbb313facf9427d7bcdbc1bda8db5a7dfce8d5397921b98906d6251e46d92ebea41692cb33f25223fc1a8fd8025810a5f647cfa07f63a7e5210d7675450

  • SSDEEP

    768:A2bM59m7qO9vZyVofuFr8dluSHUv1oxU/Zom87E4fHA4sj3Me5l7UDo+rCf:1M7m7qO32rFr4DU6x2JE3Q1lUnr

Score
10/10
isfb5050gozi

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

91.215.85.186
Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1948-58-0x00000000001B0000-0x00000000001BE000-memory.dmp
    .dll windows x86


    Headers

    Sections