General

  • Target

    server.exe

  • Size

    185KB

  • Sample

    230308-y5jzzagh27

  • MD5

    8471983647373e0bbf28b42cbeef05cd

  • SHA1

    b96e96b206aa49c958f1f72faa9c94836ba40ee8

  • SHA256

    bb426461ef70ffd601cb64a687c62edda066b99a79e49d880918300da5eb6548

  • SHA512

    cab6f5f63b48ddd51447ac76219a222937810a7d9be85e886817cada7d8d90087ab32d8dae347c298784d72ca8ca22f415ec718738019839f81f765bb83a583c

  • SSDEEP

    3072:99TF8soKOiplAtOJy6xOAOwk+JpWV9I7C+vaaTqF:R7ojip5DOwk+JpWV9oCua7

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7711

C2

checklist.skype.com

62.173.138.6

89.117.37.146

46.8.210.82

89.116.227.15

31.41.44.51

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      server.exe

    • Size

      185KB

    • MD5

      8471983647373e0bbf28b42cbeef05cd

    • SHA1

      b96e96b206aa49c958f1f72faa9c94836ba40ee8

    • SHA256

      bb426461ef70ffd601cb64a687c62edda066b99a79e49d880918300da5eb6548

    • SHA512

      cab6f5f63b48ddd51447ac76219a222937810a7d9be85e886817cada7d8d90087ab32d8dae347c298784d72ca8ca22f415ec718738019839f81f765bb83a583c

    • SSDEEP

      3072:99TF8soKOiplAtOJy6xOAOwk+JpWV9I7C+vaaTqF:R7ojip5DOwk+JpWV9oCua7

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks