Overview

overview

10

Static

static

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3688-59-0x00000201477F0000-0x000002014782D000-memory.dmp

  • Size

    244KB

  • Sample

    231002-gmlbmsfe8v

  • MD5

    87b52482458505406683cb5c6d0df03b

  • SHA1

    531e344d5505b1cfdad28204c7c310f8e49da03d

  • SHA256

    8c839e2534407ee5c1fc82fc17a76839a50dda27258472b9dc0cd914820e8508

  • SHA512

    073128f841bebadb34e2bf8eb1f73ecfecd5dfe2967f54f7ff0d51daca4d2ccf7212295760ff55b24557295ffe03b06fa69209c0fa376e05ebda469ce87daf22

  • SSDEEP

    3072:FXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsuXSTFCr5IcjYQc55Wt:FX72v82Wldh1KeRFSbaWrxlsur57C5G

Score
10/10
gozi5050isfb

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.79

185.248.144.203

netsecurez.com

whofoxy.com
Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    Tasks