General

  • Target

    3736-59-0x00000272196C0000-0x00000272196FD000-memory.dmp

  • Size

    244KB

  • Sample

    231011-lkdagaea7x

  • MD5

    729b7951fb294cf93d18e440752b1ad4

  • SHA1

    22bf20a6d1f691f4dff62997b6c54629dee9af56

  • SHA256

    095d1723a2be0eb519be4322182b6cd7e9c634f923675d2b1f58e4ef5f4c44d8

  • SHA512

    f449ce7ab93c019c36d460a42bc207054eb92911285b1a28a7b33f4f9ffbc401077579616ac88063fff55b0cb681083f36cc7786f1ac0e1fd65f5e4cd1e7ee39

  • SSDEEP

    3072:7XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsyMXSTFCr5Icjtd5Wt:7X72v82Wldh1KeRFSbaWrxls1r515G

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    31.41.44.79

    185.248.144.203

    netsecurez.com

    whofoxy.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain
