General

  • Target

    server.exe

  • Size

    265KB

  • Sample

    230307-xj7y8sag5w

  • MD5

    e300e7c359c3792e263a1de5dfeb6040

  • SHA1

    4951349e2d0112fdb7475ac9dfe9825096b972ba

  • SHA256

    0c1d1a60a0fc143c9fc830be48c53d488b414921cf4d97d66466ff2a628d1b4d

  • SHA512

    06a89e44f3864a333d0775436910017e4b953f5af501b3c7f9ce969005854c59371c0a776d0a2fac3bfb853e04b6eed5d86f9eeb6c18996c91f1cb7289c64736

  • SSDEEP

    3072:YiTkTkLBIs1teAyoa09He+O1OcNI9ZFFbzeAlWNwqBO8DdrFFtI4eZov:YhILvPenLb5NI9ZFFneK6/rFLI4eZu

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7710

C2

checklist.skype.com

62.173.140.103

31.41.44.63

46.8.19.239

185.77.96.40

46.8.19.116

31.41.44.48

62.173.139.11

62.173.138.251

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      server.exe

    • Size

      265KB

    • MD5

      e300e7c359c3792e263a1de5dfeb6040

    • SHA1

      4951349e2d0112fdb7475ac9dfe9825096b972ba

    • SHA256

      0c1d1a60a0fc143c9fc830be48c53d488b414921cf4d97d66466ff2a628d1b4d

    • SHA512

      06a89e44f3864a333d0775436910017e4b953f5af501b3c7f9ce969005854c59371c0a776d0a2fac3bfb853e04b6eed5d86f9eeb6c18996c91f1cb7289c64736

    • SSDEEP

      3072:YiTkTkLBIs1teAyoa09He+O1OcNI9ZFFbzeAlWNwqBO8DdrFFtI4eZov:YhILvPenLb5NI9ZFFneK6/rFLI4eZu

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks