General

  • Target

    1048-59-0x0000000000400000-0x00000000004AD000-memory.dmp

  • Size

    692KB

  • Sample

    240303-eflmqach49

  • MD5

    d41839745b294ad3801f2050a52df7eb

  • SHA1

    5a24aa39f5e485ba9f32b921337c8ab30e852a9f

  • SHA256

    7d2bff97dbd20664f1a62a7979b0652673a8b787fb3394af53462a0b8fb8ccb1

  • SHA512

    bb3c75b59ab7fc10a9cbaa32e227ef1a877c134e9b7c7bdfcbed437c6af84aa15b1c19f2763f5cd553c1dea379aff1d1de1cae08da09963cbc368c1978f58cec

  • SSDEEP

    3072:wfKTooyNoVUE3Hnrn7HJNM1NjtJMD1U85En8d/LpbM:+KTobOVUuj7HihCm85En815

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1048-59-0x0000000000400000-0x00000000004AD000-memory.dmp

    • Size

      692KB

    • MD5

      d41839745b294ad3801f2050a52df7eb

    • SHA1

      5a24aa39f5e485ba9f32b921337c8ab30e852a9f

    • SHA256

      7d2bff97dbd20664f1a62a7979b0652673a8b787fb3394af53462a0b8fb8ccb1

    • SHA512

      bb3c75b59ab7fc10a9cbaa32e227ef1a877c134e9b7c7bdfcbed437c6af84aa15b1c19f2763f5cd553c1dea379aff1d1de1cae08da09963cbc368c1978f58cec

    • SSDEEP

      3072:wfKTooyNoVUE3Hnrn7HJNM1NjtJMD1U85En8d/LpbM:+KTobOVUuj7HihCm85En815

    Score
    3/10
