General
Target: 2584-58-0x00000000028A0000-0x00000000028DD000-memory.dmp
Size: 244KB
Sample: 231006-nwvd8sah5w
MD5: a8dd6c8fea5f908692bfe3d6447b1b9e
SHA1: eec8d6f7d3521f5ca05e66f5205b4322ea4ec879
SHA256: 157f39aa59a2b9d24c9a896e357deabe63954054ccd5d60b78b25ee5c1c109fb
SHA512: cbb88a3034e965a1559ff0bea13ff0267a45679a73c0fcdbc496601c87b6270816448cdca53b5de870ff1dc5f7a5f9c05bed21e5c192443925feb9e1a6370561
SSDEEP: 6144:YX72v82Wldh1KeRFSbaWrxlsUWr5WI5G:YL2v8znYSSeWr4UW
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2:
mifrutty.com
systemcheck.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain