General

Target: 3736-59-0x00000272196C0000-0x00000272196FD000-memory.dmp
Size: 244KB
MD5: 729b7951fb294cf93d18e440752b1ad4
SHA1: 22bf20a6d1f691f4dff62997b6c54629dee9af56
SHA256: 095d1723a2be0eb519be4322182b6cd7e9c634f923675d2b1f58e4ef5f4c44d8
SHA512: f449ce7ab93c019c36d460a42bc207054eb92911285b1a28a7b33f4f9ffbc401077579616ac88063fff55b0cb681083f36cc7786f1ac0e1fd65f5e4cd1e7ee39
SSDEEP: 3072:7XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsyMXSTFCr5Icjtd5Wt:7X72v82Wldh1KeRFSbaWrxls1r515G

Malware Config (Extracted)

Family: gozi
Botnet: 5050
C2:
  31.41.44.79
  185.248.144.203
  netsecurez.com
  whofoxy.com

Attributes:
  base_path: /pictures/
  exe_type: worker
  extension: .bob
  server_id: 50
  rsa_pubkey.plain
  aes.plain

Signatures

Gozi family

Files

3736-59-0x00000272196C0000-0x00000272196FD000-memory.dmp