General

  • Target

    1760-56-0x0000000000400000-0x0000000002BBF000-memory.dmp

  • Size

    39.7MB

  • Sample

    240302-m7k49scf5z

  • MD5

    c52236ccc990a7653e5987fb40fb78dc

  • SHA1

    2303ba8e474095b0a839d63302b2f16868ade166

  • SHA256

    f21ee417c6eac827128dc8ca447825c4089daad752882886362d4250be2a82f8

  • SHA512

    6bb6c6d5c11c51bdacd2f10d8d025ea8c37da7f4fa99826138b1bfe00ba36dbbc74f27ec9e23a1a917f8b398ec8eed7c2b7b1ae7fab5273895a4cd5bd10b420d

  • SSDEEP

    3072:nfKJnKUZekHml9jSCwSsZaznV7dSYXnGqyQxkQA03GWvmb6MRi/4OJdLdKY9e5fT:fKJKH7l9MSsZMTX7yuA03LEDu

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7710

C2

checklist.skype.com

62.173.140.103

31.41.44.63

46.8.19.239

185.77.96.40

46.8.19.116

31.41.44.48

62.173.139.11

62.173.138.251

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
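
The extracted configuration above is what a defender actually works from: the C2 hosts and IPs, the URI prefix (base_path) and suffix (extension) that Gozi assembles its beacon URLs from, and the botnet/build identifiers for tracking the campaign. The following Python script is an added example, not part of the sandbox report, that turns that config into a proxy-log check. It assumes the dump name encodes PID, dump index and the mapped region's start and end addresses (so the region length can be cross-checked against the reported 39.7MB), and it treats checklist.skype.com as a connectivity-check host rather than a true C2, which is a common Gozi/ISFB trait but an analyst assumption here: the report itself simply lists it alongside the C2 IPs. The proxy log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Gozi config extracted in this report (values copied from the page).
CONFIG = {
    "family": "gozi",
    "botnet": "7710",
    "build": "250255",
    "exe_type": "loader",
    "server_id": "50",
    "base_path": "/drew/",
    "extension": ".jlk",
    "c2": [
        "checklist.skype.com",
        "62.173.140.103", "31.41.44.63", "46.8.19.239", "185.77.96.40",
        "46.8.19.116", "31.41.44.48", "62.173.139.11", "62.173.138.251",
    ],
}

# Analyst assumption: Gozi/ISFB configs commonly carry one legitimate host that
# the bot only uses to test connectivity. Blocking it hurts nothing for the bot
# and generates noise, so it is kept out of the blocklist.
CONNECTIVITY_CHECK_HOSTS = {"checklist.skype.com"}

# Assumed dump naming: <pid>-<index>-<start>-<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a memory-dump filename into PID, dump index and mapped region.

    The region length lets you sanity-check the reported size before spending
    time on a dump that was truncated or mislabelled.
    """
    m = DUMP_NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {
        "pid": int(m["pid"]),
        "index": int(m["index"]),
        "start": start,
        "end": end,
        "size_bytes": end - start,
        "size_mib": round((end - start) / 2**20, 1),
    }


def c2_blocklist(config):
    """Hosts and IPs from the config that are worth blocking outright."""
    return {h.lower() for h in config["c2"]} - CONNECTIVITY_CHECK_HOSTS


def classify_request(host, path, config=CONFIG):
    """Return the indicator names a single HTTP request matches.

    Gozi builds beacon URLs as base_path + encoded data + extension, so the
    path shape is checked independently of the host: a shape hit on an
    unlisted host is a lead on a C2 the sandbox run did not see.
    """
    hits = []
    if host.lower() in c2_blocklist(config):
        hits.append("c2_host")
    if path.startswith(config["base_path"]) and path.endswith(config["extension"]):
        hits.append("gozi_uri_shape")
    return hits


def scan_proxy_log(lines, config=CONFIG):
    """Run classify_request over proxy lines of the form
    '<timestamp> <client> <method> <url> <status>' and return the hits."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            _ts, client, method, url, _status = line.split()
        except ValueError:
            continue  # malformed line; a real pipeline would count these
        parts = urlsplit(url)
        hits = classify_request(parts.hostname or "", parts.path, config)
        if hits:
            findings.append({"line": lineno, "client": client, "method": method,
                             "host": parts.hostname, "hits": hits})
    return findings


# Constructed proxy log lines for the example (not taken from the report).
SAMPLE_PROXY_LOG = [
    "2024-03-02T13:07:11Z 10.0.0.5 GET http://checklist.skype.com/ 200",
    "2024-03-02T13:07:12Z 10.0.0.5 GET http://62.173.140.103/drew/Ge9kA2/hq3jzT8.jlk 200",
    "2024-03-02T13:07:40Z 10.0.0.5 POST http://62.173.140.103/drew/u1PpLq/c2xmTa.jlk 200",
    "2024-03-02T13:08:02Z 10.0.0.9 GET http://203.0.113.77/drew/Mk2o/8xQ.jlk 404",
    "2024-03-02T13:08:30Z 10.0.0.5 GET http://www.example.com/index.html 200",
]

if __name__ == "__main__":
    dump = parse_dump_name("1760-56-0x0000000000400000-0x0000000002BBF000-memory.dmp")
    print(f"PID {dump['pid']}, region {dump['start']:#x}-{dump['end']:#x}, {dump['size_mib']} MiB")
    print("blocklist:", sorted(c2_blocklist(CONFIG)))
    for f in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {f['line']}: {f['client']} -> {f['host']} {f['hits']}")
```

The host match and the URI-shape match are reported separately on purpose: a hit on a listed IP is a block-and-investigate, while a /drew/…​.jlk path on a host the sandbox never contacted (line 4 of the constructed log) is a candidate new C2 to be confirmed before it is added to the blocklist.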

Targets

    • Target

      1760-56-0x0000000000400000-0x0000000002BBF000-memory.dmp

    • Size

      39.7MB

    • MD5

      c52236ccc990a7653e5987fb40fb78dc

    • SHA1

      2303ba8e474095b0a839d63302b2f16868ade166

    • SHA256

      f21ee417c6eac827128dc8ca447825c4089daad752882886362d4250be2a82f8

    • SHA512

      6bb6c6d5c11c51bdacd2f10d8d025ea8c37da7f4fa99826138b1bfe00ba36dbbc74f27ec9e23a1a917f8b398ec8eed7c2b7b1ae7fab5273895a4cd5bd10b420d

    • SSDEEP

      3072:nfKJnKUZekHml9jSCwSsZaznV7dSYXnGqyQxkQA03GWvmb6MRi/4OJdLdKY9e5fT:fKJKH7l9MSsZMTX7yuA03LEDu

    Score
    3/10

MITRE ATT&CK Matrix

Tasks