General

  • Target

    3140-192-0x0000000008AB0000-0x0000000008B53000-memory.dmp

  • Size

    652KB

  • MD5

    90503a740fe768cc28af4aef27d7edfd

  • SHA1

    f453af2070631992de10d73c6c08c6504c0e9a22

  • SHA256

    6968ee31fcaa85858d0286f95b75c5891934ac108bf41271bd1a7aa14b309e48

  • SHA512

    ca15e0e5e0fd7893d7682bb5ace01f93b5eb0ad5492140a799b4bf0cc1576bf6bae2ea0db225803dd236df54bb0a46a25744061841d6f077033872e8a2aa714c

  • SSDEEP

    12288:vgrRK2P8EpMPss84eT5V2guFQjzkyodVImPvnWDxwx8hG2ibOi2gR0bF2Xn1cKF:IQ2PqPsspemRQjbuiavWD6EG2iboUXZ

Score
10/10

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

twinean.com

Attributes
  • base_path

    /jerry/

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • 3140-192-0x0000000008AB0000-0x0000000008B53000-memory.dmp