General
Target: 3124-55-0x000001F3F2640000-0x000001F3F267D000-memory.dmp
Size: 244KB
Sample: 231003-phk43scd97
MD5: c704bd8267f12b16f619bd1d79a651e5
SHA1: ced5968d64b1754f01cbcd56ee38bea2128a6bc5
SHA256: 4f1cca9f21c0e8fb3d6735238b48d2703ff7b5676fbf9c650f5ab042df5090fd
SHA512: 6e5273469cc4a6d5e866c03b729c8deb175168ead6d11d692d3ab047bcc564dbd6dca6f926b7570ced5a271db458095b30b6f12941d55c26e412b14b80a86fc0
SSDEEP: 3072:kXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsUtXSTFCr5Icjl635Wtk:kX72v82Wldh1KeRFSbaWrxls0r5W35G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2:
  expirew.com
  whofos.com
  onlinepoints.online
  onlinepoints.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain