General
- Target: 632-58-0x00000210ECB70000-0x00000210ECBAD000-memory.dmp
- Size: 244KB
- MD5: ed7e12b0c7cc707d14b78843d0a06e0b
- SHA1: 67fcedbce129dfe6d95318ac7205123294f49a89
- SHA256: 5d5ff0ce8f02489a369137074fb4713d08dd411852d6991d72a78b87997a5375
- SHA512: eb7b7d82227dc4594bd004f309600acd1c2ac6f3b147f2a9daaa02b7211df1fd99fb9da941fdfe02355a3e46acd5b1376014e15fb196a6efa34fd9492023b966
- SSDEEP: 3072:9XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsHXSTFCr5IcjQL5Wt:9X72v82Wldh1KeRFSbaWrxlsHr5Q5G

Malware Config (Extracted)
- Family: gozi
- Botnet: 5050
- C2:
  - 31.41.44.79
  - 185.248.144.203
  - netsecurez.com
  - whofoxy.com
- Attributes:
  - base_path: /pictures/
  - exe_type: worker
  - extension: .bob
  - server_id: 50
  - rsa_pubkey.plain
  - aes.plain

Signatures
- Gozi family

Files
- 632-58-0x00000210ECB70000-0x00000210ECBAD000-memory.dmp