General

  • Target

    6409a699e5cca.dll

  • Size

    670KB

  • Sample

    230309-lfwk9abf97

  • MD5

    bbcc8ce7492115e5970d0b47f9432f07

  • SHA1

    9514f33b0e0ce4814c422c754f5181a9337b6d4b

  • SHA256

    715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff

  • SHA512

    399b533f25317f0a83cc585929768908cbd09eff7a83a99afc2aa975b8a3dde2d02c450b6f5911ef2cff0ad9998673629fff0e59e6f562c0f49913611b0059fe

  • SSDEEP

    12288:fcmMRzyQI3Ng+k+f1EuzWrlKkI3I6SZk95VnedDBJhx0W:NMR+93k82uyr0zIfrD
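Before acting on this report, confirm that a local copy is the same artifact. The following is an added example, not part of the Triage report or its tooling: it computes the four standard-library digests of a file and compares them with the values listed above. The SSDEEP value is left out because fuzzy hashing needs a third-party library (for example python-ssdeep); the file name on the command line is an assumption.

```python
import hashlib

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "bbcc8ce7492115e5970d0b47f9432f07",
    "sha1": "9514f33b0e0ce4814c422c754f5181a9337b6d4b",
    "sha256": "715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff",
    "sha512": "399b533f25317f0a83cc585929768908cbd09eff7a83a99afc2aa975b8a3dde2d02c450b6f5911ef2cff0ad9998673629fff0e59e6f562c0f49913611b0059fe",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests of an in-memory buffer as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a large sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict) -> dict:
    """Return {algorithm: (observed, expected)} for every digest that differs.

    Comparison is case-insensitive because reports and tools disagree on
    hex case. An empty dict means every algorithm in `expected` matched;
    an algorithm missing from `observed` is reported as a mismatch.
    """
    mismatches = {}
    for name, want in expected.items():
        got = observed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (got, want)
    return mismatches


if __name__ == "__main__":
    import sys

    # Assumed usage: python verify_hashes.py 6409a699e5cca.dll
    observed = hash_file(sys.argv[1])
    bad = compare_hashes(observed, REPORT_HASHES)
    for name, (got, want) in bad.items():
        print(f"{name}: got {got}, report says {want}")
    if bad:
        sys.exit(1)
    print("all digests match the report")
```

Run it against the file you intend to detonate or reverse; a single mismatching digest means you are looking at a different build, and any conclusions drawn from this report's configuration may not apply.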

Malware Config

Extracted

Family

gozi

Botnet

5050

C2

https://config.edge.skype.com

157.254.195.117

91.215.85.151

Note that config.edge.skype.com is a legitimate Microsoft endpoint; Gozi configurations routinely list it alongside the real C2 hosts, and the loader reaches it only as a benign connectivity check. Block and hunt on the two IP addresses, not on the Skype domain.

Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
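To turn the extracted configuration into something a SOC can run, the following added example (not from the report or from the Triage tooling) derives network indicators from the fields above and scans a few constructed proxy log lines. Two choices are the example's own assumptions rather than facts from the report: config.edge.skype.com is treated as benign and never alerted on, and beacon URLs are assumed to carry base_path as a prefix and extension as the file suffix; confirm that URL shape against the sandbox's network capture before deploying the path rule.

```python
import re
from urllib.parse import urlsplit

# Fields copied from the extracted config above.
CONFIG = {
    "botnet": "5050",
    "c2": ["https://config.edge.skype.com", "157.254.195.117", "91.215.85.151"],
    "base_path": "/jerry/",
    "extension": ".bob",
}

# Assumption: legitimate domains that Gozi builds carry for connectivity
# checks. They are dropped from the indicator set and never alerted on.
BENIGN_HOSTS = {"config.edge.skype.com"}


def c2_hosts(config: dict) -> set:
    """Normalise the C2 list to bare hostnames / IPs, dropping benign hosts."""
    hosts = set()
    for entry in config["c2"]:
        host = urlsplit(entry).hostname if "://" in entry else entry
        if host and host.lower() not in BENIGN_HOSTS:
            hosts.add(host.lower())
    return hosts


def beacon_path_pattern(config: dict) -> re.Pattern:
    """Assumed beacon URL shape: <base_path><anything><extension>.

    Only the two config-derived fragments are anchored; the middle of the
    path is attacker-controlled and varies per request.
    """
    return re.compile(re.escape(config["base_path"]) + r".*" + re.escape(config["extension"]) + r"$")


# Constructed proxy log lines for illustration, not real traffic.
# Format: timestamp src_ip method url status
SAMPLE_LOG = """\
2023-03-09T11:02:14Z 10.1.4.23 GET https://config.edge.skype.com/config/v1/Skype 200
2023-03-09T11:02:15Z 10.1.4.23 GET http://157.254.195.117/jerry/l4wK2/7Qf9sd.bob 200
2023-03-09T11:02:16Z 10.1.4.23 GET https://example.com/jerry/notes.bob 200
2023-03-09T11:02:17Z 10.1.4.23 POST http://91.215.85.151/jerry/xx/upload.bob 200
2023-03-09T11:02:18Z 10.1.4.23 GET https://www.microsoft.com/en-us/ 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_log(lines, config: dict) -> list:
    """Return (line_no, reason, url) for every line that matches an indicator.

    Reasons:
      'c2-host'    destination host is one of the non-benign C2 entries
      'path-shape' URL path has the config's base_path and extension on a
                   host outside the C2 list (possible new C2, or a false
                   positive to triage)
    """
    hosts = c2_hosts(config)
    path_re = beacon_path_pattern(config)
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the sweep
        url = m.group(4)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in BENIGN_HOSTS:
            continue
        if host in hosts:
            hits.append((n, "c2-host", url))
        elif path_re.search(parts.path):
            hits.append((n, "path-shape", url))
    return hits


if __name__ == "__main__":
    for line_no, reason, url in scan_log(SAMPLE_LOG.splitlines(), CONFIG):
        print(f"line {line_no}: {reason}: {url}")
```

The host match is the high-confidence indicator; the path-shape match is deliberately reported separately because a prefix like /jerry/ and a suffix like .bob can occur in unrelated traffic, so it belongs in a hunting query rather than a blocking rule.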

Targets

    • Target

      6409a699e5cca.dll

    • Gozi

      Gozi (also tracked as Ursnif and ISFB) is a well-known and widely distributed banking trojan. The exe_type value of loader in the extracted configuration marks this DLL as the first-stage loader rather than the main bot module; the botnet ID (5050), build (250255) and server_id (50) identify the campaign and are the fields to pivot on when clustering related samples.

MITRE ATT&CK Matrix

Tasks