General

  • Target: 2344-2-0x0000000000400000-0x000000000044A000-memory.dmp
  • Size: 296KB
  • MD5: b4cf4f8b3eb3f3b5e8976264cb052df9
  • SHA1: 65e309e158fd6cd68ea33b4c29d8561dc11d0cae
  • SHA256: 80dad53ad936232fb3ae5a1c6938300f6c6b1bb6d5622fee23bca08f2c8e0294
  • SHA512: 20e4c0e64e924cb7bd823d2e533a74c78d2ab1622f1390950170db8b9e5b268d72fb5b9152b25a17c100e3d12dc48c582683089aef0894ba1130f31d916fa067
  • SSDEEP: 3072:KrPI5jSu11UtEPrYLubTtT+MXpZSylO6d1v01wtialvaTAIns5c9ZTrbp:iu11UtEPr7ftznPO6dVQWIBXTJ

Score: 10/10

Malware Config

Extracted

Family

gozi

Botnet: 5050

C2
31.41.44.28
146.19.233.250
46.8.19.158

Attributes
  • base_path: /jerry/
  • build: 250260
  • exe_type: loader
  • extension: .bob
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Signatures

  • Gozi family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2344-2-0x0000000000400000-0x000000000044A000-memory.dmp (.exe, windows:5, windows, x86)