General

  • Target

    1860590x000000001B1C00000x000000001B1FD000memory_JC.dmp

  • Size

    244KB

  • MD5

    93d7412ef9c678698f8f6801874acfb4

  • SHA1

    243c0a7161da29d368df7ea9e97bda4474dec1ac

  • SHA256

    60372f2e1b6b869713adc7ccbe9d23664775498044ed3a0ff33a061fdef7099d

  • SHA512

    58981add6ef380ae0a97d1fc000b316c1394a18b0ed42802d63c2cd41b64c0cbe17e69c32c7aa01161b298d3eb77bd560e659e53b08788aa25144559e34fd861

  • SSDEEP

    3072:hXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxls9XSTFCr5Icj8Is5Wt:hX72v82Wldh1KeRFSbaWrxls9r525G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    mifrutty.com

    systemcheck.top

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 1860590x000000001B1C00000x000000001B1FD000memory_JC.dmp