General

  • Target

    dow.exe

  • Size

    194KB

  • Sample

    230301-rl9mysga8x

  • MD5

    d055f0b77a70a552d00e830b31a1157c

  • SHA1

    3f2e82445ff35440405dd1d439941c83fbc57fd3

  • SHA256

    9d1e71b94eab825c928377e93377feb62e02a85b7d750b883919207119a56e0d

  • SHA512

    4c684ec4dd580caa044961953fed5e6a7bd8001a05740e9b6409616e4943c7a3488d86f189858af63b0f146acf213c69aa6a1ff44b9411b2d859c49308bf0507

  • SSDEEP

    3072:BUEN6BVIBcdUvtFwv5LN427mYReBUHPxxI9mxKw9RAw2tK1oyYC2:B/NaOcdqtFwXfmYReBUTCzuOjKOG2

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7709

C2

checklist.skype.com

62.173.141.252

31.41.44.33

109.248.11.112

Note: checklist.skype.com is a legitimate Microsoft-operated hostname. Gozi/ISFB configs routinely carry such entries alongside the real controllers, as decoys or connectivity checks, so it should not be turned into a blocking indicator on its own; match on the full beacon pattern (base_path and extension below) or on the IP-based C2 entries instead.

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
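The extracted attributes above (C2 list, base_path, extension) are enough to build a beacon detector for proxy logs. The following is an added example written for this page, not output of the sandbox or code from the Gozi family itself. It assumes ISFB-style beacon URLs of the form base_path + encoded payload + extension, treats the legitimate-looking checklist.skype.com entry as a decoy unless the path pattern also matches, and runs over a few constructed log lines embedded in the script.

```python
import re
from urllib.parse import urlsplit

# Values copied from the extracted config on this page.
CONFIG = {
    "c2": ["checklist.skype.com", "62.173.141.252", "31.41.44.33", "109.248.11.112"],
    "base_path": "/drew/",
    "extension": ".jlk",
    "botnet": "7709",
}

# Assumption: a legitimate hostname listed in the config is a decoy and is
# only reported as a hit when the beacon path pattern also matches.
DECOY_HOSTS = {"checklist.skype.com"}


def build_path_regex(base_path, extension):
    # Assumed ISFB beacon shape: base_path, then an encoded blob made of
    # URL-safe characters and '/' separators, then the configured extension.
    return re.compile(
        r"^" + re.escape(base_path) + r"[A-Za-z0-9_\-/]+" + re.escape(extension) + r"$"
    )


def classify(url, cfg=CONFIG):
    """Return one of: c2_beacon, c2_host, decoy, path_only, clean."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path_hit = build_path_regex(cfg["base_path"], cfg["extension"]).match(parts.path) is not None
    host_hit = host in cfg["c2"]
    if host_hit and path_hit:
        return "c2_beacon"          # known C2 plus beacon path: highest confidence
    if host_hit and host in DECOY_HOSTS:
        return "decoy"              # legitimate hostname from the config, no beacon path
    if host_hit:
        return "c2_host"            # contact with a configured C2 IP, path not matched
    if path_hit:
        return "path_only"          # beacon-shaped path to an unlisted host (new C2?)
    return "clean"


def scan(log_text, cfg=CONFIG):
    """Classify each 'timestamp src method url' line; return non-clean hits in log order."""
    hits = []
    for line in log_text.strip().splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[-1]
        verdict = classify(url, cfg)
        if verdict != "clean":
            hits.append((verdict, fields[0], fields[1], url))
    return hits


# Constructed proxy log lines for demonstration; not traffic from the sandbox run.
SAMPLE_LOG = """
2023-03-01T10:01:02Z 10.0.0.5 GET http://62.173.141.252/drew/AbCdEf_gH/ijkl.jlk
2023-03-01T10:01:03Z 10.0.0.5 GET https://checklist.skype.com/
2023-03-01T10:01:09Z 10.0.0.5 GET http://31.41.44.33/
2023-03-01T10:02:15Z 10.0.0.7 GET http://cdn.example.com/drew/x.jlk
2023-03-01T10:02:20Z 10.0.0.7 GET https://www.example.com/index.html
"""

if __name__ == "__main__":
    for verdict, ts, src, url in scan(SAMPLE_LOG):
        print(f"{verdict:10} {ts} {src} {url}")
```

The path_only verdict is the useful one for hunting: a request shaped like a beacon to a host that is not in this config suggests a newer build with a rotated C2 list, and is worth pivoting on even though the host itself is not yet known.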

Targets

    • Target

      dow.exe

    • Size

      194KB

    • MD5

      d055f0b77a70a552d00e830b31a1157c

    • SHA1

      3f2e82445ff35440405dd1d439941c83fbc57fd3

    • SHA256

      9d1e71b94eab825c928377e93377feb62e02a85b7d750b883919207119a56e0d

    • SHA512

      4c684ec4dd580caa044961953fed5e6a7bd8001a05740e9b6409616e4943c7a3488d86f189858af63b0f146acf213c69aa6a1ff44b9411b2d859c49308bf0507

    • SSDEEP

      3072:BUEN6BVIBcdUvtFwv5LN427mYReBUHPxxI9mxKw9RAw2tK1oyYC2:B/NaOcdqtFwXfmYReBUTCzuOjKOG2

    • Gozi

      Gozi (also tracked as ISFB/Ursnif) is a long-running, widely distributed banking trojan. The extracted config identifies this sample as the loader stage (exe_type: loader), build 250255, for botnet 7709.

MITRE ATT&CK Matrix

Tasks