General

  • Target

    cliente.zip

  • Size

    465B

  • Sample

    230308-js5ctaec7z

  • MD5

    a25fd6398652e6f3e8b8b52ad56ccd45

  • SHA1

    09853ef46474583df92630d5ed6d517e32b5cc85

  • SHA256

    6a11b49472e5ea497098f11ab66bde3fb6fa1a6762b73cf08f1dfa83efae22e6

  • SHA512

    06a6c067891ffb2d4d319162bbcc848395e13fcc357c5cec09dcf3656e45d3ea74eaebfe6e505d8ba9dc1df79e8f005b9cd5a51abde14aacbe1e713c18ce1f18

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      cliente/cliente.url

    • Size

      191B

    • MD5

      361301f6ad56d5f44ed70afcbf223df0

    • SHA1

      1195b135d96ee1214531ba0c6146318f2524bea8

    • SHA256

      2362e52e347d77a6b101b80057d9770e44a44599889385a83822625901631583

    • SHA512

      394a2f7d97b7bd70e5827f0294deaee00a710fe931fad8a964ca6f694997de61a3dbd3f63e57a2f119733ea2150c5b1379a4f92b0d871f9714317cc67d9c8284

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks