General
-
Target
server.exe
-
Size
281KB
-
Sample
230309-jhez6sbb66
-
MD5
02ff268fc798c2939c2f4f968b917789
-
SHA1
6ae2f7e086b64fed10b5098369ef517bf7cce254
-
SHA256
aa96b7f6516f3f8d7d63d61a30b3af156b92b3e8dace05c8953dcf82ac96a3c6
-
SHA512
275c0bd9a5ab6ded9264e96735b65663b263a02741a2965f81841b16a7325760b44bf34c917d00d3b33f0bc49059fc4eaa88ddf8664b41e3ab8af6704c25f629
-
SSDEEP
3072:SJPgzJLfPmIGK2EYIWbwtFtmjZ4RfEvkqkaBuERzLBvqWQw1/JTf7mgTsp1+Hc:Ig9LfXst0t3CS5EZ1RzlvU4jwrF
Static task
static1
Behavioral task
behavioral1
Sample
server.exe
Resource
win7-20230220-en
Malware Config
Extracted
gozi
Extracted
gozi
7712
checklist.skype.com
62.173.141.36
31.41.44.85
193.233.175.98
46.8.210.110
89.116.227.49
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
server.exe
-
Size
281KB
-
MD5
02ff268fc798c2939c2f4f968b917789
-
SHA1
6ae2f7e086b64fed10b5098369ef517bf7cce254
-
SHA256
aa96b7f6516f3f8d7d63d61a30b3af156b92b3e8dace05c8953dcf82ac96a3c6
-
SHA512
275c0bd9a5ab6ded9264e96735b65663b263a02741a2965f81841b16a7325760b44bf34c917d00d3b33f0bc49059fc4eaa88ddf8664b41e3ab8af6704c25f629
-
SSDEEP
3072:SJPgzJLfPmIGK2EYIWbwtFtmjZ4RfEvkqkaBuERzLBvqWQw1/JTf7mgTsp1+Hc:Ig9LfXst0t3CS5EZ1RzlvU4jwrF
-