General
-
Target
1248-58-0x0000000010000000-0x000000001000E000-memory.dmp
-
Size
56KB
-
MD5
513427c938aec8b2de58415bb48c6495
-
SHA1
2e06a2c4e755c69f99be1e4f547705a2020e6a73
-
SHA256
34a263c647b42f4a2881ef4b65dce0521bfcf812cc552d64af3ed050595e1951
-
SHA512
29057205f5e164685a0a7a4bff0911cb0f6bb6362721a46394167f07c871e88b1e97069861f74562b8883d17f8ee421a87b889b5f025091c263962f5497099d6
-
SSDEEP
768:A2iOfo8TYmKGv0YyLcaT0LrqH6EHV9HmDXhVp/s6zTgMlbDlxKWAb214:0OfogYmd6zmHG9HCx/jzTtbBxKY
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://fazz.bing.com/check
http://swebbers.com
Attributes
-
base_path
/jerry/
-
build
250257
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1248-58-0x0000000010000000-0x000000001000E000-memory.dmp
Headers
Sections