General

  • Target

    1304-56-0x0000000000400000-0x00000000004C9000-memory.dmp

  • Size

    804KB

  • Sample

    240302-rbfxwsea7t

  • MD5

    8c08a18c0f9e0f8a1de21da5fae7311c

  • SHA1

    610cfc023413706db2faea9f8549824bb1c63feb

  • SHA256

    99a4cfe95df165a189a2aa9dccbf3797b7cada02a1107d7cd63523d9fe72e16c

  • SHA512

    d89dd66666e85cfef2790fd12f48d122e514423e6db7354d6ff95b89c5b7ae281d0e351e55cbf4418d376511b0fc3c4eb064393db536ab99f1119153340c8138

  • SSDEEP

    3072:CfKwgNoVUE3HndEo6Gsm63+iDthdmeAl2tWJNwX3of6idPYdqDsptmz:cKwgOVUu9fNYKeLQPwkPYdqAb+

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7712

C2

checklist.skype.com

62.173.141.36

31.41.44.85

193.233.175.98

46.8.210.110

89.116.227.49

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      1304-56-0x0000000000400000-0x00000000004C9000-memory.dmp

    Score
    3/10
