General
-
Target
1324-56-0x0000000000170000-0x0000000000191000-memory.dmp
-
Size
132KB
-
MD5
bb41e0cb67c7e7b7766a5032e91d4fd9
-
SHA1
00a0c50ea5ac0cf88f1da084c31aa144b29d6922
-
SHA256
41c247abac930ec31edee870c82685a58611e8abbaa7b2bab20e7cac606f6261
-
SHA512
cef856b1cb228f6db6ad2cb35919948e43c6ef73ec5bdff395230f9c96717b6c704c70e70fec1b26c124457181851071fcf88eeb39df3139bc48908b7b00458b
-
SSDEEP
768:92wo1LNxxkYmi4vxYyLcaT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb214:lo1LNx6Ym66zmHG9HCx/jzTtbBxKY
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://fazz.bing.com/check
http://swebbers.com
Attributes
-
base_path
/jerry/
-
build
250257
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1324-56-0x0000000000170000-0x0000000000191000-memory.dmp
Headers
Sections