General
Target: server.exe
Size: 263KB
Sample: 230307-p476qshd9x
MD5: 01c14e3fd06158981d6f9c91390cd01c
SHA1: aa2cc644468329cf5abf8da11e6110bd61d7b900
SHA256: 19a9a43b36d2ed6516e4b1d8368cb3af64362507d2b30f4cb742fbe50780ee89
SHA512: 10bb58081180b53ebb7c95556f75768a692630e63018a46195077d250402b074b28f152cea531e364b2e3003f3d53d10d3ff74456bab3f204005c63e761d0ce6
SSDEEP: 3072:rzYI2LQ36fuf1d3BFG3mYA9vjOL0xmYo9+OfRk+Rq2ncI8GTSq6dqDimloDNb:nwL3GN5Nj+0xVAjfRpqZIbZq9mlMNb
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
7710
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50