General
-
Target
3580-137-0x00000000024A0000-0x00000000024AE000-memory.dmp
-
Size
56KB
-
MD5
39db4f55227e87e27f9c5e28957f6923
-
SHA1
cb8ad017b214dca408f5940195438ff5600d5ef1
-
SHA256
1f776629324b0e2ec4ce6d5a252550f74fedd784b2f8412ab6d0228f2db03585
-
SHA512
ae6d2e56806bad8c267590ab38918bf7f4334e8eb681f778f36814a7ea30dafe8a4de1891e427925f386a9b81629276b9fd76f3ffaea119c4a8b396571b04717
-
SSDEEP
768:A2k0DToAPYmMNvwEy6jpY5uMIyfcjlQg6zVjVl55fNIBl/DOg0zBw8:K0DTosYmMbB5zyYlyrlvfNIXDOgMw8
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://fazz.bing.com/check
dretils.com
Attributes
-
base_path
/jerry/
-
build
250257
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3580-137-0x00000000024A0000-0x00000000024AE000-memory.dmp
Headers
Sections