General

  • Target

    1568-56-0x0000000000400000-0x00000000004DB000-memory.dmp

  • Size

    876KB

  • Sample

    240303-k8r8vsgg83

  • MD5

    e0c227f092cd392122b33d2ca02ba9da

  • SHA1

    88f3d1c7030a450926835796b1afafb672bc0da0

  • SHA256

    2b27d98ef5dd777c7e4aec21d9fc76408f73ecd27c25cea705d06d0a8d2c9e5f

  • SHA512

    fe647fb7651ab232263cdf708c990a30464f4baeb9c9bf0425d32cdede3cf70ebad76981563d02ade6926b07049fadecf95bf7c2fb6fa32b77f1e010ef1d7f54

  • SSDEEP

    3072:VfKlVNoVUE3HnPatQNb5AACG/TuSn4G+btjGWHAoGAVfAgwn0F:RKlVOVUuvsC12Sv8xHGT

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      1568-56-0x0000000000400000-0x00000000004DB000-memory.dmp

    • Size

      876KB

    • MD5

      e0c227f092cd392122b33d2ca02ba9da

    • SHA1

      88f3d1c7030a450926835796b1afafb672bc0da0

    • SHA256

      2b27d98ef5dd777c7e4aec21d9fc76408f73ecd27c25cea705d06d0a8d2c9e5f

    • SHA512

      fe647fb7651ab232263cdf708c990a30464f4baeb9c9bf0425d32cdede3cf70ebad76981563d02ade6926b07049fadecf95bf7c2fb6fa32b77f1e010ef1d7f54

    • SSDEEP

      3072:VfKlVNoVUE3HnPatQNb5AACG/TuSn4G+btjGWHAoGAVfAgwn0F:RKlVOVUuvsC12Sv8xHGT

    Score
    3/10

MITRE ATT&CK Matrix

Tasks