General

  • Target

    431c575587d9938ba31a73b4fdbef08b.bin (the submitted file is named after the MD5 of the executable listed under Targets below)

  • Size

    169KB

  • Sample

    230308-bkwrpsdc73

  • MD5

    37bff9d0ee86197d5c27cc4257022086

  • SHA1

    a26c5239cf59ca86d3c0174c54de6c0db86cc75f

  • SHA256

    dd701fd4d477d8869e88c4432106862cc409af3f1c0dcec22dee4ff40fbb4e15

  • SHA512

    48bc188dceebd4b23158abe9d5ad9ced409296c09c96d49f6ac938ab76e9aadd3e266fd01404772400ab68aa7670ff4101c3a38fffaad34e08dee7e1ecc499d4

  • SSDEEP

    3072:c7MJ2gIGKcsUhGkMjz+E3F99Gq99ApG+amRmvGFNoW/Czq77GrG8Rora282yt/:c76Js/jL/939Ap7XmvGFNVarzZiyt/

Malware Config

Extracted (1)

  • Family

    gozi

Extracted (2)

  • Family

    gozi

  • Botnet

    7710

  • C2

    checklist.skype.com
    62.173.140.103
    31.41.44.63
    46.8.19.239
    185.77.96.40
    46.8.19.116
    31.41.44.48
    62.173.139.11
    62.173.138.251

    Note: checklist.skype.com is a legitimate Microsoft host. Gozi/ISFB configs commonly carry one such host as a connectivity check, so treat the eight IP addresses as the C2 set and do not block or alert on the Skype domain alone.

  • Attributes

    base_path: /drew/
    build: 250255
    exe_type: loader
    extension: .jlk
    server_id: 50

  • rsa_pubkey.plain

  • aes.plain

    (RSA public key and AES key fields of the config; their values are not reproduced on this page.)
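The extracted fields are enough for a first detection. The Python below is an added example and is not part of the sandbox report or of the Gozi sample. It assumes that a C2 entry under skype.com is the bot's connectivity check rather than attacker infrastructure, and that the loader's requests take the shape base_path + encoded data + extension (e.g. /drew/<...>.jlk), which is how ISFB loaders are generally documented to build request URLs. The proxy-log lines are constructed for the demo.

```python
"""Added example (not from the sandbox report): turn the extracted Gozi/ISFB
config into IOCs and test URLs from a proxy log against the loader's beacon
shape."""
import re
from urllib.parse import urlparse

# Values copied from the report's "Extracted" config.
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "7710",
    "build": "250255",
    "server_id": "50",
    "exe_type": "loader",
    "base_path": "/drew/",
    "extension": ".jlk",
    "c2": [
        "checklist.skype.com",
        "62.173.140.103",
        "31.41.44.63",
        "46.8.19.239",
        "185.77.96.40",
        "46.8.19.116",
        "31.41.44.48",
        "62.173.139.11",
        "62.173.138.251",
    ],
}

# Assumption: a C2 entry under one of these suffixes is the bot's connectivity
# check (a legitimate host it reaches to confirm it is online), not attacker
# infrastructure. Alerting on it alone would fire on every Skype client.
CONNECTIVITY_CHECK_SUFFIXES = ("skype.com",)


def is_connectivity_check(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in CONNECTIVITY_CHECK_SUFFIXES)


def c2_hosts(config: dict = GOZI_CONFIG) -> list:
    """Entries worth blocking: the config's C2 list minus connectivity checks."""
    return [h for h in config["c2"] if not is_connectivity_check(h)]


def beacon_path_regex(config: dict = GOZI_CONFIG):
    """Assumed loader request shape: <base_path><encoded data><extension>, e.g.
    /drew/<...>.jlk. The encoded part is attacker-controlled and may itself be
    split into several path segments, so only the envelope is matched."""
    return re.compile(
        "^" + re.escape(config["base_path"]) + ".+" + re.escape(config["extension"]) + "$"
    )


def classify_url(url: str, config: dict = GOZI_CONFIG) -> str:
    """One of: c2_beacon, c2_host, connectivity_check, beacon_path_only, none."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    known = {h.lower() for h in config["c2"]}
    path_hit = beacon_path_regex(config).match(parsed.path) is not None
    if host in known:
        if is_connectivity_check(host):
            return "connectivity_check"
        return "c2_beacon" if path_hit else "c2_host"
    # The path shape alone is a weaker signal (base_path is per-build and the
    # extension changes between campaigns), so it is reported separately.
    return "beacon_path_only" if path_hit else "none"


# Constructed proxy-log lines: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2023-03-08T09:41:02Z 10.0.0.17 GET https://checklist.skype.com/ 200
2023-03-08T09:41:03Z 10.0.0.17 GET http://31.41.44.63/drew/zP9xQ/Lm2kd.jlk 200
2023-03-08T09:41:05Z 10.0.0.17 GET http://62.173.140.103/ 404
2023-03-08T09:42:11Z 10.0.0.23 GET https://www.example.com/drew/report.jlk 200
2023-03-08T09:42:12Z 10.0.0.23 GET https://www.example.com/index.html 200
"""


def scan_proxy_log(text: str, config: dict = GOZI_CONFIG) -> list:
    """Return (client, url, verdict) for every line whose verdict is not 'none'."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines rather than crash mid-triage
        client, url = parts[1], parts[3]
        verdict = classify_url(url, config)
        if verdict != "none":
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    print("block these hosts:", ", ".join(c2_hosts()))
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
```

A beacon to one of the IPs under /drew/ with a .jlk suffix is the high-confidence hit; a matching path on an unknown host is worth a look but not a page, since both base_path and extension rotate between builds.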

Targets

    • Target

      236f2a9fcc1176a802946828029465d054626f92d258015f8abccdc52d2365e7.exe

    • Size

      321KB

    • MD5

      431c575587d9938ba31a73b4fdbef08b

    • SHA1

      0b54adf6c018ab02f93b4faf68f64a7623d1b7b2

    • SHA256

      236f2a9fcc1176a802946828029465d054626f92d258015f8abccdc52d2365e7

    • SHA512

      f2ea2e130f33b896713c10d3fbd8572adb13815d12adb5d2ec13b631bf5e72d8072b89274aec9fec631beb57fae041b02d337b0046aec1e6c1274672e9d301da

    • SSDEEP

      3072:WpuIWHR3foxLjSafmuaXZus/rutDMZDXvCXzdVKu6HR/ayjGZEOF:bH2xLjhmlDruWFXvSM9xaeE

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running banking trojan with many actively maintained forks. The config extracted here (exe_type loader, build 250255, botnet 7710, server_id 50) belongs to the first-stage loader, which typically fetches the main module from the listed C2 hosts rather than carrying the banking functionality itself.

MITRE ATT&CK Matrix

Tasks