Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4024-56-0x000001E3F1E50000-0x000001E3F1E8D000-memory.dmp

  • Size

    244KB

  • Sample

    230928-lhv3haab8z

  • MD5

    fdfb38c3cd73fca281a3a85bab67d744

  • SHA1

    40b8cbc891b5add78ff3adad8fbb1c6c07348a40

  • SHA256

    a140aecf77228a5a917f804ba8fadccc46a19d2a8d544e32932610d510f5c799

  • SHA512

    05b3c9c1f82b2a603a8f40b06566a6eacf5dbde628bba02014702b7b6b7635c8ff8f1f0a5228356dbb790eee43afba191af04c667d319ab831af0836ad701cd9

  • SSDEEP

    3072:+XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsHXSTFCr5Icjj75Wt:+X72v82Wldh1KeRFSbaWrxlsHr5F5G

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.79

185.248.144.203

netsecurez.com

whofoxy.com
Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    Tasks