General

  • Target

    824-56-0x0000000000400000-0x00000000004DB000-memory.dmp

  • Size

    876KB

  • Sample

    240303-lf16qsge31

  • MD5

    d94cbcc53b69240a2dd63b0fa481ef0a

  • SHA1

    82885bee7bbb94d3c39d3ba4aafaa49f560f6d17

  • SHA256

    0c5ed9dfa9df475f4501e9b42cc84e172a00fda38464528f38f4d33ea849a7dc

  • SHA512

    76507d7419fa2d15167ce6daefc423b0a5710a15677f1bac43fbb4b847570cf36ba2cc54f21e478fba26673bb4d1d42f37bea0562d5c54ac50f1699a4961dfa9

  • SSDEEP

    3072:VfKMVNoVUE3HnyrDSi26A/ZL9xFSjMfur0VZclldBYkKKu23hzA2g22gwn0JV:RKMVOVUuSr+iK5xFSj3mMBCKTA2o

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
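The extracted configuration above is enough to start hunting without the sample itself. The script below is an added example and not part of the sandbox report: it copies the report's C2 list, base_path and extension into a proxy-log search and checks a candidate file against the report's hashes. The log lines are constructed. Two things in it are analyst assumptions rather than report content: checklist.skype.com is treated as a benign connectivity-check host because it is a Microsoft-owned hostname (Gozi configs routinely carry such decoys), and the beacon URL shape "host, then base_path, then arbitrary path, then extension" is a general property of the Gozi/ISFB family, not something the report states.

```python
"""Hunting artifacts from the Gozi config extracted above.

Added example, not part of the sandbox report. Config values are copied from
the report; the proxy log lines used below are constructed.
"""
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# Copied from the report's "Extracted" section.
CONFIG = {
    "family": "gozi", "botnet": "7715", "build": "250255", "server_id": "50",
    "exe_type": "loader", "base_path": "/drew/", "extension": ".jlk",
    "c2": [
        "checklist.skype.com",
        "62.173.142.50", "31.41.44.87", "109.248.11.217", "212.109.218.151",
        "5.44.45.83", "62.173.142.81", "193.233.175.113", "109.248.11.184",
        "212.109.218.26", "185.68.93.7",
    ],
}

# Copied from the report's "General" section (hashes of the memory dump).
REPORT_HASHES = {
    "md5": "d94cbcc53b69240a2dd63b0fa481ef0a",
    "sha1": "82885bee7bbb94d3c39d3ba4aafaa49f560f6d17",
    "sha256": "0c5ed9dfa9df475f4501e9b42cc84e172a00fda38464528f38f4d33ea849a7dc",
}

# Analyst assumption, not from the report: checklist.skype.com is a Microsoft-
# owned hostname that Gozi configs carry as a connectivity check. Blocking it
# breaks legitimate traffic, so it is reported separately, not block-listed.
BENIGN_CHECK_DOMAINS = {"checklist.skype.com"}


def classify_c2(c2_entries):
    """Split the C2 list into IP literals, real C2 domains and benign checks."""
    out = {"ips": [], "domains": [], "benign": []}
    for entry in c2_entries:
        if entry.lower() in BENIGN_CHECK_DOMAINS:
            out["benign"].append(entry)
            continue
        try:
            ipaddress.ip_address(entry)
            out["ips"].append(entry)
        except ValueError:
            out["domains"].append(entry)
    return out


def build_beacon_regex(base_path, extension, hosts=None):
    """Regex for beacon URLs in proxy/web logs.

    Assumed family behaviour: base_path follows the host, the path ends with
    the configured extension, and whatever sits in between is arbitrary.
    hosts=None matches any host (looser hunt for C2s not yet in the config).
    """
    host_alt = "|".join(re.escape(h) for h in hosts) if hosts else r"[^/\s:]+"
    return re.compile(
        r"^https?://(?:" + host_alt + r")(?::\d+)?" + re.escape(base_path)
        + r"[^\s?#]*" + re.escape(extension) + r"(?:[?#]\S*)?$",
        re.IGNORECASE,
    )


def hunt_proxy_log(lines, pattern):
    """Return (line_no, host, url) for each URL in the log matching pattern."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in re.findall(r"https?://\S+", line):
            if pattern.match(url):
                hits.append((n, urlsplit(url).hostname, url))
    return hits


def hashes_of(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every hash in the report agrees with the supplied bytes."""
    return hashes_of(data) == REPORT_HASHES


# Constructed proxy log, not real traffic. Lines 1 and 3 are beacon-shaped
# requests to listed C2s; line 5 has the right shape but an unlisted host.
SAMPLE_PROXY_LOG = [
    "2024-03-03T11:02:14Z 10.0.0.23 GET http://62.173.142.50/drew/AbC_dEf/xyz12.jlk 200",
    "2024-03-03T11:02:15Z 10.0.0.23 GET https://checklist.skype.com/ 200",
    "2024-03-03T11:02:40Z 10.0.0.41 GET http://212.109.218.26/drew/q/w/e.jlk?x=1 404",
    "2024-03-03T11:03:01Z 10.0.0.41 GET http://212.109.218.26/images/logo.png 200",
    "2024-03-03T11:03:07Z 10.0.0.55 GET http://example.invalid/drew/foo.jlk 200",
]


def run_hunt(lines=SAMPLE_PROXY_LOG, strict=True):
    """Hunt the log with the report's config; strict limits hosts to the C2 list."""
    c2 = classify_c2(CONFIG["c2"])
    hosts = c2["ips"] + c2["domains"] if strict else None
    pattern = build_beacon_regex(CONFIG["base_path"], CONFIG["extension"], hosts)
    return hunt_proxy_log(lines, pattern)


if __name__ == "__main__":
    for hit in run_hunt():
        print("strict hit:", hit)
    for hit in run_hunt(strict=False):
        print("loose hit:", hit)
```

Run the strict hunt first to confirm known C2 contact, then the loose one (any host, same base_path and extension) to surface infrastructure the extracted config does not list; the benign bucket from classify_c2 is what keeps checklist.skype.com out of a firewall block list while still recording that the loader reached it.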

Targets

    • Target

      824-56-0x0000000000400000-0x00000000004DB000-memory.dmp

    • Size

      876KB

    • MD5

      d94cbcc53b69240a2dd63b0fa481ef0a

    • SHA1

      82885bee7bbb94d3c39d3ba4aafaa49f560f6d17

    • SHA256

      0c5ed9dfa9df475f4501e9b42cc84e172a00fda38464528f38f4d33ea849a7dc

    • SHA512

      76507d7419fa2d15167ce6daefc423b0a5710a15677f1bac43fbb4b847570cf36ba2cc54f21e478fba26673bb4d1d42f37bea0562d5c54ac50f1699a4961dfa9

    • SSDEEP

      3072:VfKMVNoVUE3HnyrDSi26A/ZL9xFSjMfur0VZclldBYkKKu23hzA2g22gwn0JV:RKMVOVUuSr+iK5xFSj3mMBCKTA2o

    Score
    3/10
