General
Target: 2312-55-0x000002A95A140000-0x000002A95A17D000-memory.dmp
Size: 244KB
Sample: 231006-rhb8aaef28
MD5: 547b4f5408af3d9a570e3469a3708384
SHA1: f9a40cdb5ae16012e7c25d55c77b2838302aa44c
SHA256: c93e85a046241c27d4ad02096a9243b641111cfc45572d7ddd24457936dec313
SHA512: 6e7d4e7a5ef2a10520428b2a9f69279bb71e10f8bfef64eae59f411498ba6cc7c74e8cebaf816076cf59cb5978ed0a927787f7f27945f85cede88de7ce84441e
SSDEEP: 3072:ZXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxls7XSTFCr5Icj+z5Wt:ZX72v82Wldh1KeRFSbaWrxls7r5W5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2: mifrutty.com, systemcheck.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain