General

  • Target

    2880-66-0x0000020B40670000-0x0000020B406AD000-memory.dmp

  • Size

    244KB

  • MD5

    9ed9783b0f44415beb67bd175c6e646d

  • SHA1

    bbbb3439675e23f187858b22902411ab97e49fcb

  • SHA256

    331e782697d08bc29b07ee86823f5c3b9e49d3c4b1b8c11a12d5a86f82608185

  • SHA512

    d82dda18780c8fefbdf1cbabd8faa617d09bbab5a0c0dfdd318f3b4c28661d34df8785f1bcd2d89bebb4d8fc78a0b442825dfc21f07254475972967f70fa1dac

  • SSDEEP

    3072:+XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsX4XSTFCr5Icjxjr5Wt:+X72v82Wldh1KeRFSbaWrxlsX4r5z5G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    mifrutty.com

    systemcheck.top

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 2880-66-0x0000020B40670000-0x0000020B406AD000-memory.dmp