General

  • Target

    2032-56-0x0000000000400000-0x0000000002BBD000-memory.dmp

  • Size

    39.7MB

  • Sample

    240302-mfz44scd6x

  • MD5

    10a9be0fcb49d17e69759c8d309e6d73

  • SHA1

    ab1ec467cbb626ca41feea7b31ab51c0b0067fc8

  • SHA256

    3e8f09f826e227916edaaa54888a8fbc3607741e6ecabb34ae6f58c069186776

  • SHA512

    1e244e4072aec6fba5348940040bbd38e6223f134226c4c0d452343f154c13e12a7f9ba84bbd12e508d506ffa3040fb4a3de1865714ae3e65d9288a5b6c1b8e1

  • SSDEEP

    3072:nfK6nKUZekHml9jSCwUaS4QirQo7GIYjj49BK5nW+HHQ3k0TfWupeU5DLK6PmUqd:fK6KH7l9Mu4rQ61ByqjfH5DLKcDqd

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7710

C2


Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2032-56-0x0000000000400000-0x0000000002BBD000-memory.dmp

    Score
    3/10
