General

  • Target

    1740-56-0x00000000002E0000-0x00000000002ED000-memory.dmp

  • Size

    52KB

  • Sample

    240302-mnd7lscg72

  • MD5

    3cdf12c88f4598a1df5d00e391bdf4af

  • SHA1

    bb07b519d48af910aa3104c224e8b16f4904f266

  • SHA256

    b42f0b2e3077717c548396cde25483e90fbe1b4fae153f501a2faf3ae291ea4e

  • SHA512

    becb5a7bf98a5628de9e3cfd6ef30c5e5b88a1cbd000d1d95f81802198ccb2154c1df8441be8e2a54926a111f5b1bf458fd68846b1f45fc3fe99f52526e1ba05

  • SSDEEP

    768:OOVs+qVvz8MvWtA/E4E/LaHJjAAMyw4NMI8szShWdM4WhK3D1Gc4d:OO2+qUA/EJ/8BAAHJ8s8WdM4LD1Gc4d

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7710

C2

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      1740-56-0x00000000002E0000-0x00000000002ED000-memory.dmp

    Score
    3/10

MITRE ATT&CK Matrix

Tasks