General

Target: 2880-66-0x0000020B40670000-0x0000020B406AD000-memory.dmp
Size: 244KB
MD5: 9ed9783b0f44415beb67bd175c6e646d
SHA1: bbbb3439675e23f187858b22902411ab97e49fcb
SHA256: 331e782697d08bc29b07ee86823f5c3b9e49d3c4b1b8c11a12d5a86f82608185
SHA512: d82dda18780c8fefbdf1cbabd8faa617d09bbab5a0c0dfdd318f3b4c28661d34df8785f1bcd2d89bebb4d8fc78a0b442825dfc21f07254475972967f70fa1dac
SSDEEP: 3072:+XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsX4XSTFCr5Icjxjr5Wt:+X72v82Wldh1KeRFSbaWrxlsX4r5z5G

Malware Config

Extracted
Family: gozi
Botnet: 5050
C2:
mifrutty.com
systemcheck.top
Attributes:
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain

Signatures

Gozi family

Files

2880-66-0x0000020B40670000-0x0000020B406AD000-memory.dmp