General
-
Target
1176-55-0x0000000000180000-0x000000000018E000-memory.dmp
-
Size
56KB
-
MD5
592035f21b021ece347aa4583bbe8f8f
-
SHA1
c0ef6fd0964489e9a8174e13233df026fbd1aaa0
-
SHA256
77f47300b9a3200911357446fcca87c60bbe1ed790c3f0e5b5da775164f67a2c
-
SHA512
7456247967fe1cb79d11defdc8631677c10f0aac0a93d783d8eeb49a822bede50ffed7994ce7361caadbebc7944d020da7e0d4f893958f8524538ac53c451b20
-
SSDEEP
1536:wi6qeSQiSCPALw/g8yH/cgownoJyCVDxGyxE2:6qeSjVPZ/fyH/TowosYGy
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
5050
C2
https://avas1ta.com/in/login/
njamma.com
Attributes
-
base_path
/jerry/
-
build
250259
-
exe_type
loader
-
extension
.bob
-
server_id
50
rsa_pubkey.plain
aes.plain
Signatures
-
Gozi family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1176-55-0x0000000000180000-0x000000000018E000-memory.dmp
Headers
Sections