General

  • Target: server.exe
  • Size: 192KB
  • Sample: 230308-h13nhseb3y
  • MD5: c6f3e8fca98ff28eaf0ae05d55d25a43
  • SHA1: f55311179339c6a63ff8bd4fa9e778d42f53711f
  • SHA256: 8ca6d4d0d27c950e7bc234bc16b0a89bf9122ac5b708fa215ce7bf4009387350
  • SHA512: 15215fb0fbaf7e7810c002cf949a73466f9128199c232af1494a746221b00cc815a8f656a9bac3d99fd47a5f70a2339431abd38efd2c59271d2eae793558c302
  • SSDEEP: 3072:vb3yZLXEOZu0UYKgcN6ugTCIKmO8YUAWDE/Rp9gRFGH52c:u9XTZu0zKnNYDlO8YI4Zp9gr

Malware Config

Extracted

  • Family: gozi
  • Botnet: 7711
  • C2:
      • checklist.skype.com
      • 62.173.138.6
      • 89.117.37.146
      • 46.8.210.82
      • 89.116.227.15
      • 31.41.44.51
  • Attributes:
      • base_path: /drew/
      • build: 250255
      • exe_type: loader
      • extension: .jlk
      • server_id: 50
      • rsa_pubkey.plain
      • aes.plain

Targets

    • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks