General
Target: 1500-66-0x000000001B630000-0x000000001B66D000-memory.dmp
Size: 244KB
MD5: 248b7548c84ec965544b644376a5d12b
SHA1: 97dd88ad6399fe2cecd4f52978b31bae42a844e8
SHA256: a0d51d44a70e38d50d69ea35c55a8fb95eeda270090e87eebc833ad405f8edc4
SHA512: 9566543eb9139d807677e58204ebcbe9ee6dd58555a2210f6449eaf9bc30f86fb154ecf301d05e3dc5041e21841ab6bd980a4f03d6637cbb31aaa12d1cba3808
SSDEEP: 6144:0X72v82Wldh1KeRFSbaWrxlsoKr55Y5G:0L2v8znYSSeWr4Z
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2:
expirew.com
whofos.com
onlinepoints.online
onlinepoints.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
Gozi family
Files
1500-66-0x000000001B630000-0x000000001B66D000-memory.dmp