General
Target: 4276-63-0x0000020ED96F0000-0x0000020ED972D000-memory.dmp
Size: 244KB
MD5: 76b5619e7ff02b6dbf6bf54c2934a781
SHA1: f5dc4e6c683437cabe75d8df38f784917cace469
SHA256: 768888643e065413794596547247871bec3d29f2fa48183c82134bb6b0d5d58c
SHA512: 962dce76efcea7c8736029096f26adf1a1e809860851af0b0b7d9d08d6259df2cf246858c807bfe5825bd30024de94b58597be2e15ba531ec045e6e1fabcc1e8
SSDEEP: 3072:wXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsKXSTFCr5Icj3Cq5Wt:wX72v82Wldh1KeRFSbaWrxlsKr5n5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2: mifrutty.com, systemcheck.top
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
Gozi family
Files
4276-63-0x0000020ED96F0000-0x0000020ED972D000-memory.dmp