General

  • Target

    2004-56-0x0000000000400000-0x00000000004C6000-memory.dmp

  • Size

    792KB

  • Sample

    240302-n5zqbadb2x

  • MD5

    43e4c8cf72683353f746a99a8cd6d000

  • SHA1

    10c69053ad274ddb281ae6febdd78e8e5490617a

  • SHA256

    e1e8fd16249da259177f455bb23f0fa439c55fbe5aa52e9cb2cbbbbaf5c3fd29

  • SHA512

    27a67eb59240fcbfb95f18d8e4b577396706c6b9ea73990194811b89c1df95316dd0eba6e12ee5c750269074fdf7ae4b6c47fa9daa8a72e0f2bcaeb095c08373

  • SSDEEP

    6144:fKKKH7l9MGn2b5NI9ZFFneK6VrFLI4eZu:fZKHB9MGM5N6ZznebVr0Zu

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7710

C2

checklist.skype.com

62.173.140.103

31.41.44.63

46.8.19.239

185.77.96.40

46.8.19.116

31.41.44.48

62.173.139.11

62.173.138.251

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      2004-56-0x0000000000400000-0x00000000004C6000-memory.dmp

    • Size

      792KB

    • MD5

      43e4c8cf72683353f746a99a8cd6d000

    • SHA1

      10c69053ad274ddb281ae6febdd78e8e5490617a

    • SHA256

      e1e8fd16249da259177f455bb23f0fa439c55fbe5aa52e9cb2cbbbbaf5c3fd29

    • SHA512

      27a67eb59240fcbfb95f18d8e4b577396706c6b9ea73990194811b89c1df95316dd0eba6e12ee5c750269074fdf7ae4b6c47fa9daa8a72e0f2bcaeb095c08373

    • SSDEEP

      6144:fKKKH7l9MGn2b5NI9ZFFneK6VrFLI4eZu:fZKHB9MGM5N6ZznebVr0Zu

    Score
    3/10

MITRE ATT&CK Matrix

Tasks