General

  • Target

    contratto.zip

  • Size

    481B

  • Sample

    230123-mmplysee8w

  • MD5

    e448aee32a619ddcf5944181c1b09045

  • SHA1

    1ef4517d43f60aa015b540c704f5c29db4001ca8

  • SHA256

    aaf8dada953bf6b8e815b4f9d312ab86f6c21ddb10c82a274ca1d95ca54d1feb

  • SHA512

    2e1de9297f95a13df450e8c6c09075748af6e808ad83e50d90ea995af4310f1cb0336257eb4f2955385719a40aa9a26cea94fd54c6881ae698520184b055c16f

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7707

C2

checklist.skype.com

62.173.149.10

31.41.44.27

193.0.178.235

Attributes
  • base_path

    /drew/

  • build

    250250

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      contratto/contratto.url

    • Size

      196B

    • MD5

      582020c54921b9635ea54ddefbf44431

    • SHA1

      4e6e4537fd7c4de2a664e559c08fe2142adb8319

    • SHA256

      c66981ec7d3867d2481ac3ba2cd40f63fdc29782de6d6cbc88fff9376d71d1d3

    • SHA512

      df7d2e19d905bb00024c225d1bd83a4fd8617b9e23d5726721a05201b438f7ce9254b56fc7a4f58843faf174f5d71f351750ea6e7ea7fa11e3cc66b442715cf4

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks