General
-
Target
1204-56-0x0000000000400000-0x0000000002B6C000-memory.dmp
-
Size
39.4MB
-
Sample
240303-px7lmabb39
-
MD5
8fa335c0e1bee3a3c0c1326d2caddb81
-
SHA1
bc82203fbf0b74a1205c623b533e19dee4bb8ff3
-
SHA256
c265eede31c1db02cce1c37ac30217c2b3ab2c4843e50f7f69ba65b737a370d6
-
SHA512
d0251917694a80751472d49f4efa5038610bd3b9d1bca67a10c1e4fafc321c97fbe4506ce5afba04501d38f3b470f7b07f012a1b4da2a15db363bf13a7fc7218
-
SSDEEP
3072:2fK/T5zT94QeZDrTgTWHNWDwAdXXjaXCtG5uSYLQ0CT1b+ZnZqSIAskwi1WNObVr:gK/T5t2f0UgBPtGASHZb+hZqSukx1j
Behavioral task
behavioral1
Sample
1204-56-0x0000000000400000-0x0000000002B6C000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1204-56-0x0000000000400000-0x0000000002B6C000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
gozi
Extracted
gozi
7716
checklist.skype.com
193.233.175.115
185.68.93.20
62.173.140.250
46.8.210.133
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1204-56-0x0000000000400000-0x0000000002B6C000-memory.dmp
-
Size
39.4MB
-
MD5
8fa335c0e1bee3a3c0c1326d2caddb81
-
SHA1
bc82203fbf0b74a1205c623b533e19dee4bb8ff3
-
SHA256
c265eede31c1db02cce1c37ac30217c2b3ab2c4843e50f7f69ba65b737a370d6
-
SHA512
d0251917694a80751472d49f4efa5038610bd3b9d1bca67a10c1e4fafc321c97fbe4506ce5afba04501d38f3b470f7b07f012a1b4da2a15db363bf13a7fc7218
-
SSDEEP
3072:2fK/T5zT94QeZDrTgTWHNWDwAdXXjaXCtG5uSYLQ0CT1b+ZnZqSIAskwi1WNObVr:gK/T5t2f0UgBPtGASHZb+hZqSukx1j
Score3/10 -