General
Target: 1800-64-0x00000000029D0000-0x0000000002A0D000-memory.dmp
Size: 244KB
Sample: 231006-n75pcadb92
MD5: bcdd3cc19d8ea523570b6045b2b8f719
SHA1: 59fbf68d564c671491b838c7fd7ba991f7516c65
SHA256: 70048c562f7205ce1447eea6e729e94b9e406795fb2238a4bee8333dc043ce1f
SHA512: e633fe03c44e3614d1042b61ecd336fbfa31f4fe02d5ad662fec8cc18681ebce5fc4a86916c3dffc56082d30d65dbd77c4e12868d4e6aeb65b0ce32b1e80878d
SSDEEP: 6144:rX72v82Wldh1KeRFSbaWrxlsbr5Cw8y5G:rL2v8znYSSeWr4b
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2: mifrutty.com, systemcheck.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain