General

  • Target

    1204-56-0x0000000000400000-0x0000000002B6C000-memory.dmp

  • Size

    39.4MB

  • Sample

    240303-px7lmabb39

  • MD5

    8fa335c0e1bee3a3c0c1326d2caddb81

  • SHA1

    bc82203fbf0b74a1205c623b533e19dee4bb8ff3

  • SHA256

    c265eede31c1db02cce1c37ac30217c2b3ab2c4843e50f7f69ba65b737a370d6

  • SHA512

    d0251917694a80751472d49f4efa5038610bd3b9d1bca67a10c1e4fafc321c97fbe4506ce5afba04501d38f3b470f7b07f012a1b4da2a15db363bf13a7fc7218

  • SSDEEP

    3072:2fK/T5zT94QeZDrTgTWHNWDwAdXXjaXCtG5uSYLQ0CT1b+ZnZqSIAskwi1WNObVr:gK/T5t2f0UgBPtGASHZb+hZqSukx1j

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1204-56-0x0000000000400000-0x0000000002B6C000-memory.dmp

    • Size

      39.4MB

    • MD5

      8fa335c0e1bee3a3c0c1326d2caddb81

    • SHA1

      bc82203fbf0b74a1205c623b533e19dee4bb8ff3

    • SHA256

      c265eede31c1db02cce1c37ac30217c2b3ab2c4843e50f7f69ba65b737a370d6

    • SHA512

      d0251917694a80751472d49f4efa5038610bd3b9d1bca67a10c1e4fafc321c97fbe4506ce5afba04501d38f3b470f7b07f012a1b4da2a15db363bf13a7fc7218

    • SSDEEP

      3072:2fK/T5zT94QeZDrTgTWHNWDwAdXXjaXCtG5uSYLQ0CT1b+ZnZqSIAskwi1WNObVr:gK/T5t2f0UgBPtGASHZb+hZqSukx1j

    Score
    3/10

MITRE ATT&CK Matrix

Tasks