General

  • Target

    98b31a7e9193977309bfa77739d0aa29.bin

  • Size

    168KB

  • Sample

    230308-bxdfwsdd52

  • MD5

    fd2bcc3c40d1449a76821601dfc623e1

  • SHA1

    1fe007746f67ee3e2d1340854bceedcd8a53ade4

  • SHA256

    365a88a175ad9bf189702a88df2b70f297aeda7fa5cda861665533b315b36d5e

  • SHA512

    498150ad492fa92816062a4ab15b67ea21353c3fc8932ecdaf1ec90bf8aba2d008e51f652ed1d4206dd4251454b82b1726b1b536f987dd488c14e61686244266

  • SSDEEP

    3072:Oo9C9p7EVVGxML3qBESRTncDk6qV1jqlUjT3tJgq79zZlDMCAcfSZBCzy4iW4Q:9srEX53gNcTEqlOTF79zZlJbSZBCzQWR

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7710

C2

checklist.skype.com

62.173.140.103

31.41.44.63

46.8.19.239

185.77.96.40

46.8.19.116

31.41.44.48

62.173.139.11

62.173.138.251

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
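The extracted config above is what a responder actually needs from this report: the botnet id, the real C2 addresses, and the URI shape (base_path plus extension) the loader uses when it beacons. The script below works that config into a blocklist and Suricata rules. It is an added example, not part of the sandbox report and not the sandbox's own rule output; the config values are copied from the report, the treatment of checklist.skype.com as a connectivity-check decoy is a known ISFB behaviour, the Suricata keywords assume Suricata 5 or later (http.uri, startswith, endswith), and the sample proxy URIs at the bottom are constructed for the demonstration.

```python
"""Turn the extracted Gozi/ISFB config (botnet 7710, build 250255) into
blocklist entries and Suricata rules.  Added example; the config values are
copied from the sandbox report, everything else is this example's own."""
import ipaddress

# Values copied from the "Extracted" block of the report.
CONFIG = {
    "family": "gozi",
    "botnet": "7710",
    "c2": [
        "checklist.skype.com",
        "62.173.140.103", "31.41.44.63", "46.8.19.239", "185.77.96.40",
        "46.8.19.116", "31.41.44.48", "62.173.139.11", "62.173.138.251",
    ],
    "base_path": "/drew/",
    "build": "250255",
    "exe_type": "loader",
    "extension": ".jlk",
    "server_id": "50",
}

# ISFB configs routinely carry a legitimate Microsoft hostname as the first
# "C2" entry; the bot only uses it to test connectivity.  Blocking it breaks
# Skype/Teams and reporting it as C2 infrastructure is a false positive.
CONNECTIVITY_CHECK_HOSTS = {"checklist.skype.com"}


def classify_c2(entries):
    """Split the C2 list into (ip_list, hostname_list, decoy_list)."""
    ips, hosts, decoys = [], [], []
    for entry in entries:
        if entry.lower() in CONNECTIVITY_CHECK_HOSTS:
            decoys.append(entry)
            continue
        try:
            ipaddress.ip_address(entry)
            ips.append(entry)
        except ValueError:
            hosts.append(entry)
    return ips, hosts, decoys


def suricata_rules(config, sid_base=9000000):
    """One rule per real C2 IP/hostname plus one HTTP URI-shape rule.
    SIDs start at sid_base (an assumed local range, not a registered one)."""
    ips, hosts, _ = classify_c2(config["c2"])
    tag = f'Gozi/ISFB botnet {config["botnet"]} build {config["build"]}'
    rules = []
    sid = sid_base
    for ip in ips:
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"{tag} C2 IP"; '
            f'sid:{sid}; rev:1;)')
        sid += 1
    for host in hosts:
        rules.append(
            f'alert dns $HOME_NET any -> any any (msg:"{tag} C2 domain"; '
            f'dns.query; content:"{host}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    # URI shape: the beacon path starts with base_path and ends with the
    # configured extension; the encoded middle segment changes per request,
    # so only the two fixed ends are matched.
    rules.append(
        f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"{tag} beacon URI"; '
        f'flow:established,to_server; http.uri; content:"{config["base_path"]}"; '
        f'startswith; http.uri; content:"{config["extension"]}"; endswith; '
        f'sid:{sid}; rev:1;)')
    return rules


def uri_matches(config, uri):
    """Host-side equivalent of the URI rule, for sweeping proxy logs."""
    return uri.startswith(config["base_path"]) and uri.endswith(config["extension"])


# Constructed proxy-log URIs (not from the report) to exercise uri_matches.
SAMPLE_URIS = [
    "/drew/Q2hlY2sgY29ubmVjdGl2aXR5/abc.jlk",   # beacon-shaped: match
    "/drew/index.html",                           # right prefix, wrong suffix
    "/images/xyz.jlk",                            # right suffix, wrong prefix
]


def main():
    ips, hosts, decoys = classify_c2(CONFIG["c2"])
    print(f"real C2 IPs: {len(ips)}, hostnames: {len(hosts)}, decoys skipped: {decoys}")
    for rule in suricata_rules(CONFIG):
        print(rule)
    for uri in SAMPLE_URIS:
        print(uri, "->", "match" if uri_matches(CONFIG, uri) else "no match")


if __name__ == "__main__":
    main()
```

The URI rule is deliberately loose (prefix and suffix only) because the middle of an ISFB beacon path is encoded per request; tune it against your own proxy logs before deploying, and keep the decoy hostname out of every blocklist derived from this report.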

Targets

    • Target

      ad738ad2b402c8918bdfcf0b90c9d3aad7802a62cea735d522351bca5bf8d1d7.exe

    • Size

      321KB

    • MD5

      98b31a7e9193977309bfa77739d0aa29

    • SHA1

      2b0e4c6ff0448e9ca370b456e2522a175f0cbdc6

    • SHA256

      ad738ad2b402c8918bdfcf0b90c9d3aad7802a62cea735d522351bca5bf8d1d7

    • SHA512

      0b062e09f79990e65c26668c8b3a58b203aa05da53cc53c2db6010f034ade4f88bb42b260ba7af7f7a32279b7de3496b6aa8abae6a5421e13468cac97c7ec3de

    • SSDEEP

      3072:9I669inLJ1MYFsZaznV7dSYXnGqyQxkTw03GWvmb6MRi/4OJdL0KY9e5fT:i6XnLXLsZMTX7yBw03LEDr

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The extracted config identifies this sample as a loader build (250255) for botnet 7710 with eight IP-based C2 servers. The first C2 entry, checklist.skype.com, is a legitimate Microsoft hostname that ISFB uses only as a connectivity check; it should not be blocked or reported as attacker infrastructure.
