General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    230309-jpbw4abb97

  • MD5

    99f3bdae548f13df05abf52fdc664bd6

  • SHA1

    7dbaa568ffecabad7655d559fa29901bd7dae058

  • SHA256

    f000742f91c25d08477ee7350a252ee79ede94380624086e6fc3dad058244aaa

  • SHA512

    75a2dcf85d1906d7c4517fec10f9b90bf9442fa57116c81b4d793fbdbda7dd35e3dc5e55e2e4f2fb6a63bca0a9904f59736aa80c1ce22b14142cff7427a5e023

  • SSDEEP

    768:N0gsqVXye2rS/Q4VYXQIVpCHlNBmQWGk2j+A6ewBvu7gpzhK3D1GcP:N9sq8S/QEYXQIVWlvmYp6ewNu7hD1GcP

  • Score

    10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7712

  • C2

    checklist.skype.com
    62.173.141.36
    31.41.44.85
    193.233.175.98
    46.8.210.110
    89.116.227.49

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

  • Target

    gozi.payload-disk

  • Score

    1/10
