General
-
Target
1476-56-0x0000000000400000-0x0000000002B6C000-memory.dmp
-
Size
39.4MB
-
Sample
240303-r1dttsca41
-
MD5
217a04d64a5772a6ddfdfa86363cac70
-
SHA1
0ecc5805b670234547dd4fa61822c35b7739f64e
-
SHA256
9d11460ac3e58b240512c95d2257b837679870bce18ae4eacfb6e2dadb2c7f93
-
SHA512
8a4b899c67d5a40de616e0f620b521fb73182cefe562cc4b90045c45cfc5ec3821ab126742a2ba7dee272cc91c43414eedda7f892aced5f083cf28da6b5f29ba
-
SSDEEP
3072:2fK6T5zT94QeZDZix5QeiD/XzbN9hrbOo52p2pkyr8tYa4Pp8orWN8aeDr:gK6T5t29aCL9hrbOjspffK2va
Behavioral task
behavioral1
Sample
1476-56-0x0000000000400000-0x0000000002B6C000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1476-56-0x0000000000400000-0x0000000002B6C000-memory.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
gozi
Extracted
gozi
7716
checklist.skype.com
193.233.175.115
185.68.93.20
62.173.140.250
46.8.210.133
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
1476-56-0x0000000000400000-0x0000000002B6C000-memory.dmp
-
Size
39.4MB
-
MD5
217a04d64a5772a6ddfdfa86363cac70
-
SHA1
0ecc5805b670234547dd4fa61822c35b7739f64e
-
SHA256
9d11460ac3e58b240512c95d2257b837679870bce18ae4eacfb6e2dadb2c7f93
-
SHA512
8a4b899c67d5a40de616e0f620b521fb73182cefe562cc4b90045c45cfc5ec3821ab126742a2ba7dee272cc91c43414eedda7f892aced5f083cf28da6b5f29ba
-
SSDEEP
3072:2fK6T5zT94QeZDZix5QeiD/XzbN9hrbOo52p2pkyr8tYa4Pp8orWN8aeDr:gK6T5t29aCL9hrbOjspffK2va
Score3/10 -