General

  • Target

    1048-56-0x00000000001D0000-0x00000000001DD000-memory.dmp

  • Size

    52KB

  • Sample

    240303-ed1nvsch35

  • MD5

    10c1535d0b06c0be378e3fc3b014687c

  • SHA1

    75d6fa0fbfa4288f32b027afaf4077ec20b76718

  • SHA256

    e5f16f23b3049c8246b8d03b61ea742b77b43d1a7212768e1550b819d2a3cc6e

  • SHA512

    855375fc1586d4b20a09fbf17a55414035d68fa13e8dfbf2e4557383b39101622882eb7137d244366e50baeda17420be3891d8ded3e6be7929573224ab2d7c50

  • SSDEEP

    768:mkc9Q1q7n7iIS3/M4FKT+xGHewB2KyHGNc9l02dMphK3D1GcQh:mC1q63/Mgu+STBMJ9l02dM2D1GcQ

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
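The extracted config above is directly usable as network indicators: the `C2` list gives the hosts, and `base_path` (`/drew/`) plus `extension` (`.jlk`) describe the shape of the beacon URL, on the assumption (common for Gozi/ISFB builds, but not stated on this page) that the loader requests `http://<c2><base_path><encoded data><extension>`. One caveat a practitioner should apply before blocking: `checklist.skype.com` sits under a Microsoft-owned domain and may be a decoy or connectivity check rather than attacker infrastructure, so a host match alone deserves lower confidence than a host match combined with the beacon path shape. The following Python script is an added example, not part of the sandbox report; the proxy log format, the sample log lines, and the helper names (`classify`, `match_proxy_log`, `PROXY_LOG_RE`) are constructed for illustration.

```python
"""Proxy-log triage using the Gozi (botnet 7715, build 250255) config above.

Added example, not part of the sandbox report. The log format, sample
lines and helper names are constructed; the beacon URL shape
(base_path + encoded data + extension) is an assumption about ISFB.
"""
import re
from urllib.parse import urlsplit

# Indicators copied from the extracted config.
C2_HOSTS = {
    "checklist.skype.com",  # Microsoft-owned parent domain: verify before blocking
    "62.173.142.81",
    "193.233.175.113",
    "109.248.11.184",
    "212.109.218.26",
    "185.68.93.7",
}
BASE_PATH = "/drew/"   # config attribute base_path
EXTENSION = ".jlk"     # config attribute extension

# Constructed log format: "<epoch> <client-ip> <METHOD> <url> <status>"
PROXY_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(url):
    """Return (severity, reason) for one URL, or None if nothing matches.

    high   : listed C2 host AND the path has the assumed beacon shape
    medium : listed C2 host only (could be decoy or legitimate traffic)
    low    : beacon-shaped path on an unlisted host (possible new C2)
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    host_hit = host in C2_HOSTS
    shape_hit = path.startswith(BASE_PATH) and path.endswith(EXTENSION)
    if host_hit and shape_hit:
        return ("high", f"C2 host {host} with beacon-shaped path {path}")
    if host_hit:
        return ("medium", f"C2 host {host} without beacon path; verify before blocking")
    if shape_hit:
        return ("low", f"beacon-shaped path {path} on unlisted host {host}")
    return None


def match_proxy_log(lines):
    """Parse log lines and return a list of hit dicts, in input order."""
    hits = []
    for line in lines:
        m = PROXY_LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        verdict = classify(m["url"])
        if verdict is not None:
            hits.append({
                "client": m["client"],
                "url": m["url"],
                "severity": verdict[0],
                "reason": verdict[1],
            })
    return hits


# Constructed sample log: one full beacon, one bare hit on the skype.com
# entry, one benign request, and one beacon-shaped request to an unlisted IP.
SAMPLE_LOG = [
    "1709472000.123 10.0.0.5 GET http://62.173.142.81/drew/AbCdEf123.jlk 200",
    "1709472001.456 10.0.0.5 GET http://checklist.skype.com/ 200",
    "1709472002.789 10.0.0.7 GET https://www.example.com/index.html 200",
    "1709472003.012 10.0.0.9 POST http://198.51.100.23/drew/zZzZ.jlk 404",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG):
        print(f"[{hit['severity']}] {hit['client']} -> {hit['url']} : {hit['reason']}")
```

The three severity tiers encode the caveat: a `high` hit on a listed IP with the `/drew/...jlk` shape is worth an immediate block and host investigation, a `medium` hit on `checklist.skype.com` alone should be confirmed against the process making the request, and a `low` hit on an unlisted host with the beacon shape is how you catch a C2 rotation the published config does not yet list.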

Targets

    • Target

      1048-56-0x00000000001D0000-0x00000000001DD000-memory.dmp

    • Size

      52KB

    • MD5

      10c1535d0b06c0be378e3fc3b014687c

    • SHA1

      75d6fa0fbfa4288f32b027afaf4077ec20b76718

    • SHA256

      e5f16f23b3049c8246b8d03b61ea742b77b43d1a7212768e1550b819d2a3cc6e

    • SHA512

      855375fc1586d4b20a09fbf17a55414035d68fa13e8dfbf2e4557383b39101622882eb7137d244366e50baeda17420be3891d8ded3e6be7929573224ab2d7c50

    • SSDEEP

      768:mkc9Q1q7n7iIS3/M4FKT+xGHewB2KyHGNc9l02dMphK3D1GcQh:mC1q63/Mgu+STBMJ9l02dM2D1GcQ

    Score
    3/10

MITRE ATT&CK Matrix

Tasks