General

  • Target

    4684-57-0x0000029A6F3E0000-0x0000029A6F41D000-memory.dmp

  • Size

    244KB

  • Sample

    231011-lycabshd89

  • MD5

    cd4de379a02a6f9f8c0a775353f5e93f

  • SHA1

    75e0b4bbc472ff780b62061eac838b54c836f0c9

  • SHA256

    ebf5a55eb42960ba6102cc2e86372e4732d4e88f2e0f72920c3a8b409af6c42e

  • SHA512

    247c504dee38a3b1b89c3f64996d1c2dac7ec5c7fa561fe7beadbb0ac891b16b599b9c9186919daa3ffb62db891f492a023bda6af53e7093723ccf30c28a8d34

  • SSDEEP

    3072:nXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlsX4XSTFCr5IcjEj5Wt:nX72v82Wldh1KeRFSbaWrxlsX4r5w5G

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.79

185.248.144.203

netsecurez.com

whofoxy.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain
