General

  • Target: server.exe
  • Size: 263KB
  • Sample: 230307-p476qshd9x
  • MD5: 01c14e3fd06158981d6f9c91390cd01c
  • SHA1: aa2cc644468329cf5abf8da11e6110bd61d7b900
  • SHA256: 19a9a43b36d2ed6516e4b1d8368cb3af64362507d2b30f4cb742fbe50780ee89
  • SHA512: 10bb58081180b53ebb7c95556f75768a692630e63018a46195077d250402b074b28f152cea531e364b2e3003f3d53d10d3ff74456bab3f204005c63e761d0ce6
  • SSDEEP: 3072:rzYI2LQ36fuf1d3BFG3mYA9vjOL0xmYo9+OfRk+Rq2ncI8GTSq6dqDimloDNb:nwL3GN5Nj+0xVAjfRpqZIbZq9mlMNb

Malware Config

Extracted

  • Family: gozi

  • Botnet: 7710
  • C2

Attributes

  • base_path: /drew/
  • build: 250255
  • exe_type: loader
  • extension: .jlk
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
