General
Target: 2884-0-0x0000000000130000-0x000000000013F000-memory.dmp
Size: 60KB
MD5: 61adeaa0ef6b93aee38f8b074fb4d134
SHA1: 73a439eeef669b84d0a7fd42d05ce3e92328b4cf
SHA256: 7ec1ca0f08e9142491ea6fba6bc3977cbbb2a363729938628dc5611fbf58ee87
SHA512: e237612c262a8ea07207775b61ab40dab90867e294c09b81ab0860c303343fa8d8b12d27efd55d8e78cd60386e7829b001afecb588a7ebb3773ae26391bb25e8
SSDEEP: 1536:C5cEqlalXmgVReA+Qc1kEW/p/b/W91Nkd:ucEqlalfVReA+nW/jULk
Malware Config
Extracted
Family: gozi
Botnet: 4780
C2: microsoft.com, avast.com
Attributes
build: 214084
dga_base_url: constitution.org/usdeclar.txt
dga_crc: 0x4eb7d2ca
dga_season: 10
dga_tlds: com, ru, org
exe_type: loader
server_id: 12
rsa_pubkey.plain
serpent.plain
Signatures
Gozi family
Files
2884-0-0x0000000000130000-0x000000000013F000-memory.dmp