General
-
Target
1204-56-0x0000000000400000-0x0000000000574000-memory.dmp
-
Size
1.5MB
-
Sample
240302-b39fhsgg53
-
MD5
6c0c890f05a8018c7eb888dc572870aa
-
SHA1
20b62f96b86e48d8beaf879e6048a24424b05075
-
SHA256
c46c3ee3ed6aaf99f5013a3646ed164907be3c75fa4494879b1a392f5f151614
-
SHA512
701bd05181f071d341b5bbf079a996168d7c455b8be90b7b820bbb52de4179de60c26c3e8530066c278aa271589eae78f8e1540a37357940da89b4ab10357f52
-
SSDEEP
3072:4fKxh5zT94QeZDVwv5LN427mYReBUHPxxI9mxKw9RAw2tK14yYC2:WKxh5t2pwXfmYReBUTCzuOjKOG2
Behavioral task
behavioral1
Sample
1204-56-0x0000000000400000-0x0000000000574000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1204-56-0x0000000000400000-0x0000000000574000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
gozi
Extracted
gozi
7709
checklist.skype.com
62.173.141.252
31.41.44.33
109.248.11.112
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1204-56-0x0000000000400000-0x0000000000574000-memory.dmp
-
Size
1.5MB
-
MD5
6c0c890f05a8018c7eb888dc572870aa
-
SHA1
20b62f96b86e48d8beaf879e6048a24424b05075
-
SHA256
c46c3ee3ed6aaf99f5013a3646ed164907be3c75fa4494879b1a392f5f151614
-
SHA512
701bd05181f071d341b5bbf079a996168d7c455b8be90b7b820bbb52de4179de60c26c3e8530066c278aa271589eae78f8e1540a37357940da89b4ab10357f52
-
SSDEEP
3072:4fKxh5zT94QeZDVwv5LN427mYReBUHPxxI9mxKw9RAw2tK14yYC2:WKxh5t2pwXfmYReBUTCzuOjKOG2
Score3/10 -