General

  • Target

    632-58-0x00000210ECB70000-0x00000210ECBAD000-memory.dmp

  • Size

    244KB

  • MD5

    ed7e12b0c7cc707d14b78843d0a06e0b

  • SHA1

    67fcedbce129dfe6d95318ac7205123294f49a89

  • SHA256

    5d5ff0ce8f02489a369137074fb4713d08dd411852d6991d72a78b87997a5375

  • SHA512

    eb7b7d82227dc4594bd004f309600acd1c2ac6f3b147f2a9daaa02b7211df1fd99fb9da941fdfe02355a3e46acd5b1376014e15fb196a6efa34fd9492023b966

  • SSDEEP

    3072:9XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsHXSTFCr5IcjQL5Wt:9X72v82Wldh1KeRFSbaWrxlsHr5Q5G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    31.41.44.79

    185.248.144.203

    netsecurez.com

    whofoxy.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

Signatures

Files

  • 632-58-0x00000210ECB70000-0x00000210ECBAD000-memory.dmp