General
Target: 4800-57-0x0000025AAA6C0000-0x0000025AAA6FD000-memory.dmp
Size: 244KB
MD5: a26e93cc9850a760709022a1e95f92a4
SHA1: fa431f0b780a096839b7fb47a01a24eb9aec5684
SHA256: b95de951631599b93166ed0ef17661c3d39f284ba743d3d96a0f64154eb4a40e
SHA512: 1fa8517ca1873ea31069e46c6b66162ab2af7100d610e9922c1de8ed2303d0c88cf36771d6478a186be752272d8f88e4a39df04a992babd72af01714af4a6500
SSDEEP: 3072:eXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsofXSTFCr5IcjIn5Wt:eX72v82Wldh1KeRFSbaWrxlsIr5M5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2:
  mifrutty.com
  systemcheck.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
- Gozi family
Files
- 4800-57-0x0000025AAA6C0000-0x0000025AAA6FD000-memory.dmp