General

  • Target

    1340-53-0x00000160F48E0000-0x00000160F491D000-memory.dmp

  • Size

    244KB

  • MD5

    26a6247a021d93b421e41dcee40e1165

  • SHA1

    37093fd9d26def5baf0b7545cee804791983f034

  • SHA256

    5063c07b12a9389277ff6083a6988c2cdc9cb0cb06c007e55faf3305f9108fd7

  • SHA512

    6ee11463393cebf3a37981bba181151511e93611152e860e8f2f4a5d8d0e40ff161a2cdbbd7806ffd6a0162a69c0fa9b4014d017417b15a7b99d1d9e733ed3dd

  • SSDEEP

    3072:lXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxls5XSTFCr5IcjqB5Wt:lX72v82Wldh1KeRFSbaWrxls5r5A5G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    mifrutty.com

    systemcheck.top

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1340-53-0x00000160F48E0000-0x00000160F491D000-memory.dmp