General
Target: 2920-67-0x00000000027A0000-0x00000000027DD000-memory.dmp
Size: 244KB
MD5: 625b4cdfccaf0c084c8e5bd2f144db99
SHA1: 440ab88ce50cf32762424781fe1e4fc37fb07c51
SHA256: a0be4769b347dcb9212fb950b20863c26084f4c0660c9208111b086e184982c3
SHA512: be20d6cbb212da54c3911eb598e5c7580ea41a3efc93f10014b081025a38e8628a4308939aa1d2f54a399b9c19220470d6f7407dceab14d209d019db3684abd9
SSDEEP: 6144:nX72v82Wldh1KeRFSbaWrxls3r5lNJ5Gl:nL2v8znYSSeWr43
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2: http://igrovdow.com
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
- Gozi family
Files
- 2920-67-0x00000000027A0000-0x00000000027DD000-memory.dmp