General

  • Target

    1476-56-0x0000000000400000-0x0000000002B6C000-memory.dmp

  • Size

    39.4MB

  • Sample

    240303-r1dttsca41

  • MD5

    217a04d64a5772a6ddfdfa86363cac70

  • SHA1

    0ecc5805b670234547dd4fa61822c35b7739f64e

  • SHA256

    9d11460ac3e58b240512c95d2257b837679870bce18ae4eacfb6e2dadb2c7f93

  • SHA512

    8a4b899c67d5a40de616e0f620b521fb73182cefe562cc4b90045c45cfc5ec3821ab126742a2ba7dee272cc91c43414eedda7f892aced5f083cf28da6b5f29ba

  • SSDEEP

    3072:2fK6T5zT94QeZDZix5QeiD/XzbN9hrbOo52p2pkyr8tYa4Pp8orWN8aeDr:gK6T5t29aCL9hrbOjspffK2va

Score
10/10

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      1476-56-0x0000000000400000-0x0000000002B6C000-memory.dmp

    Score
    3/10
