General
Target: 4100-55-0x000001E525000000-0x000001E52503D000-memory.dmp
Size: 244KB
MD5: 0596fad3ca955806972ef035b29a6032
SHA1: ac28449d72fea7a0a9690430d6e8d265ce2cc060
SHA256: b4dad857805416d2ed9955793ca9e0858ba3d98e2c0c83d1abc601be5b7e1ebf
SHA512: 7b69b787653c345b21b02e810930b4d30aed7551de1cfd5dac05c9afa74bba4929acd008aa99f6d05ea8bdf6ec84a5ca76324d0e7db34b871a851e954e2b29b1
SSDEEP: 3072:TXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsVrXSTFCr5IcjPC5Wtk:TX72v82Wldh1KeRFSbaWrxlsVrr5Q5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2
expirew.com
whofos.com
onlinepoints.online
onlinepoints.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
Gozi family
Files
4100-55-0x000001E525000000-0x000001E52503D000-memory.dmp