General

  • Target

    server.exe

  • Size

    281KB

  • Sample

    230309-jhez6sbb66

  • MD5

    02ff268fc798c2939c2f4f968b917789

  • SHA1

    6ae2f7e086b64fed10b5098369ef517bf7cce254

  • SHA256

    aa96b7f6516f3f8d7d63d61a30b3af156b92b3e8dace05c8953dcf82ac96a3c6

  • SHA512

    275c0bd9a5ab6ded9264e96735b65663b263a02741a2965f81841b16a7325760b44bf34c917d00d3b33f0bc49059fc4eaa88ddf8664b41e3ab8af6704c25f629

  • SSDEEP

    3072:SJPgzJLfPmIGK2EYIWbwtFtmjZ4RfEvkqkaBuERzLBvqWQw1/JTf7mgTsp1+Hc:Ig9LfXst0t3CS5EZ1RzlvU4jwrF

Malware Config

Extracted

Family

gozi

Botnet

7712

C2

checklist.skype.com

62.173.141.36

31.41.44.85

193.233.175.98

46.8.210.110

89.116.227.49

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks