General
Target: 4740-59-0x0000018BA51F0000-0x0000018BA522D000-memory.dmp
Size: 244KB
MD5: eea0b3852f8e92aa69ef79895a0a6648
SHA1: 24d485a0b5f5a8b2213eef68a9647ea0e0dcda18
SHA256: 4084abaa527a05851b7872494f900d3163f485e0059cbbe56109b03d7f9fb36f
SHA512: a0ae654439eb834a9ca9d51b08fbcd2f32392e6d82874f3616df06f7032c2b534aabf404d7645a6dd0af9f4394c07a677d857b9047c9fddd7fead721684ef704
SSDEEP: 3072:YXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsIXSTFCr5Icj+BuN5Wt:YX72v82Wldh1KeRFSbaWrxlsIr5HN5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2:
31.41.44.79
185.248.144.203
netsecurez.com
whofoxy.com
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
Gozi family
Files
4740-59-0x0000018BA51F0000-0x0000018BA522D000-memory.dmp