General

  • Target

    4740-59-0x0000018BA51F0000-0x0000018BA522D000-memory.dmp

  • Size

    244KB

  • MD5

    eea0b3852f8e92aa69ef79895a0a6648

  • SHA1

    24d485a0b5f5a8b2213eef68a9647ea0e0dcda18

  • SHA256

    4084abaa527a05851b7872494f900d3163f485e0059cbbe56109b03d7f9fb36f

  • SHA512

    a0ae654439eb834a9ca9d51b08fbcd2f32392e6d82874f3616df06f7032c2b534aabf404d7645a6dd0af9f4394c07a677d857b9047c9fddd7fead721684ef704

  • SSDEEP

    3072:YXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsIXSTFCr5Icj+BuN5Wt:YX72v82Wldh1KeRFSbaWrxlsIr5HN5G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    31.41.44.79

    185.248.144.203

    netsecurez.com

    whofoxy.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 4740-59-0x0000018BA51F0000-0x0000018BA522D000-memory.dmp