General
Target: 828-54-0x0000019BBAFD0000-0x0000019BBB00D000-memory.dmp
Size: 244KB
MD5: 054a598d948aba26460f4694891c7c15
SHA1: c37bb013628d386e166af2386471c3ef8652a914
SHA256: daf0053b1a986bf59b8363851632ccca67c65542c2c6ffe2f4587c550f430333
SHA512: 15bf25a765ba400983904ed0429dc6a060b3e459172dec5613e09db9967032212213ff3c869fc47da81aaf6c4f016f4aeb777399ce8accb4c0a5045cd6259719
SSDEEP: 3072:SXmwJT25VVeVqX++WldhnUaA4KT6ntfZFSumtYpFQrxlswXSTFCr5Icj2g5Wtq:SX72v82Wldh1KeRFSbaWrxlswr5B5G
Malware Config
Extracted
Family: gozi
Botnet: 5050
C2: fotexion.com
Attributes
base_path: /pictures/
exe_type: worker
extension: .bob
server_id: 50
rsa_pubkey.plain
aes.plain
Signatures
Gozi family
Files
828-54-0x0000019BBAFD0000-0x0000019BBB00D000-memory.dmp