General

  • Target

    2464-54-0x000000001B240000-0x000000001B27D000-memory.dmp

  • Size

    244KB

  • Sample

    231011-nykmtafa24

  • MD5

    49dce2c099ebe33efa6f3b18127cd91a

  • SHA1

    750dc97c314881931989fb938c31cb0326fbfeb6

  • SHA256

    0a7cd8db49cd7d96e5aaa19199b2022434822be5b781a45c3bcd06d62df950e0

  • SHA512

    89a28b6050d5a4b51ef9c7622e75ce77ab4f05cc1afa4f40a47c74ea7154b5ff69aec7c336815958c6a364a0df811ad6ebf8a7a0af833a3ea7701fbbfef7b03e

  • SSDEEP

    3072:5XmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxls3XSTFCr5IcjMNU5Wt:5X72v82Wldh1KeRFSbaWrxls3r555G

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

31.41.44.79

185.248.144.203

netsecurez.com

whofoxy.com

Attributes
  • base_path

    /pictures/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain
