General

  • Target

    1740-59-0x0000000000400000-0x0000000002BBE000-memory.dmp

  • Size

    39.7MB

  • Sample

    240302-mqb52ace4w

  • MD5

    7b1582b04c0628315081b8a2ce9e16ac

  • SHA1

    603e93a4c032ab1cbe096c4f589e4b77b5a66898

  • SHA256

    0e42b780dd02c0c3dcf739b913a01dbccb49ad6673117e62a22036a401f35bb1

  • SHA512

    ec5aec9b9c7efdae0687790e64e7d1c004cc2e0a9d77b407f5b07a8d117fcf78a2871afdae85f6b1c19af9694a8bc9d3caa9547b1b2513d7f2242dbe22296cc8

  • SSDEEP

    3072:nfKeJnKUZekHml9jSCwka/qCaBjuss4MuUQ1GwINU77sDm/lG3bWphFHtUCCXC/c:fKeJKH7l9MTq/O4htgUnsa/liSVt7e

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7710

C2


Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1740-59-0x0000000000400000-0x0000000002BBE000-memory.dmp

    Score
    3/10
