General
-
Target
1284-56-0x0000000000400000-0x00000000004AF000-memory.dmp
-
Size
700KB
-
Sample
240302-wlmweagb68
-
MD5
457137b304bf5b3813f539a83f6cf6f4
-
SHA1
a56233fed0a8ff591a5671fa2aba052d1b34036c
-
SHA256
ee02e71799054b88e30b9305a2470a501c9aeb9b88d8bb6816527ff582a6adf6
-
SHA512
ec1cfd4ca06bf83ba434e73fc9cfc7835db468f025e05f4572ba6956e39eccfd3567c113edabff69fa711e487e5d619133cf7d8a5aa218b9534a222e3070a928
-
SSDEEP
3072:5fK2RNoVUE3HnqgGupHnozyScqeENUrwSbVMU4/I:lK2ROVUu9G2nJSN0/
Behavioral task
behavioral1
Sample
1284-56-0x0000000000400000-0x00000000004AF000-memory.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1284-56-0x0000000000400000-0x00000000004AF000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
gozi
Extracted
gozi
7713
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1284-56-0x0000000000400000-0x00000000004AF000-memory.dmp
-
Score
3/10