General
-
Target
1864550x00000000001700000.dmp
-
Size
56KB
-
MD5
b5a7ec7ae09d40efe4dc135c39e90b5c
-
SHA1
51352d0a6fdeae223bfcdcfb19b0a71b39edd511
-
SHA256
6b53b716e1b7b7f33cb8179053a4c3dc8ecb53130a01bbf62426e89e954dfee9
-
SHA512
717b234459b9a77f326e5fbb2696de9c142ff57c135fe95687c02b97fd17507a29edfb407b7b6ca06bca67b596a6ee1332dd81c21220a658f5d6be418f77a312
-
SSDEEP
768:A2FHBtxQi7QkrQvv2FyZWjlC/gL8MNF7yNcYNzB1BA5V53vrUZKmdbhrknZ:3htyi7QkriUAsw/gfBWD1ybm1hiZ
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://avas1ta.com/in/login/
itwicenice.com
Attributes
-
base_path
/jerry/
-
build
250259
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1864550x00000000001700000.dmp
Headers
Sections