Overview

overview

10

Static

static

1

84908c9c01...22.exe

windows7-x64

10

84908c9c01...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    58s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11-02-2023 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22.exe

  • Size

    186KB

  • MD5

    8f055e79a2e55454c54e58de0219dd8c

  • SHA1

    f2d95f53d10e0f1a76aa5b3f82eaa8975710d9f5

  • SHA256

    84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22

  • SHA512

    9353a7783cf2595358f210731e67f83b6de39e6e09931ffdb84f7eced19eadede98f909257918ca7ec9dd37cf67009484979f54271841c4ed1e9ec97f5334e52

  • SSDEEP

    3072:3FgViTHQYI2m/IWZloyMX1GLvtoXUoDq51VGJ/Vw6jkORAK:3Fd7dmpZl4gTtokoDq51VG5GPORd

Score
10/10
gozi7708bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7708

C2

checklist.skype.com

62.173.147.156

31.41.44.3

46.8.19.140

45.151.232.3

62.173.139.21

185.142.99.47

31.41.44.121
Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

    bankertrojangozi

Processes

  • C:\Users\Admin\AppData\Local\Temp\84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22.exe
    "C:\Users\Admin\AppData\Local\Temp\84908c9c014c59a36369a618dfc51316646d1dbc3314da3c66100b0706567d22.exe"
    1⤵
      PID:1648

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1648-55-0x0000000000220000-0x000000000022B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1648-54-0x00000000006BB000-0x00000000006CE000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1648-56-0x0000000000400000-0x000000000055E000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1648-57-0x0000000000240000-0x000000000024D000-memory.dmp

      Filesize

      52KB

      Download

    • memory/1648-60-0x00000000006BB000-0x00000000006CE000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1648-61-0x0000000000400000-0x000000000055E000-memory.dmp

      Filesize

      1.4MB

      Download