General

  • Target

    715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff.zip

  • Size

    360KB

  • Sample

    230309-lp8l6saf7s

  • MD5

    04f1257f8c57c69626a5dd041f004c61

  • SHA1

    c36c68c987b4b0f4c84a3e2e8656e050ec210cb8

  • SHA256

    ce1dff7d3ab7e6dd4a2e8de8fdc696e168c139e2427de46bba1a22a574303c94

  • SHA512

    fb6cc5909e1c3e4cd940ac849219f07186808390890660113a88aa033f0ee885f6f1e49b92c6c7550227a1e8a4a377b4c19cdf918aa7a8336e5a375c24f4468b

  • SSDEEP

    6144:YJhbIT2/lvgFYr6YDkizGjAi9UqIvAZthMA5cdLxQEMwgB7Dk19k7SuXs5Afumv9:YJh0slvwYr5ARjmqIv44A53ECBE7+SuD

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    https://config.edge.skype.com

    157.254.195.117

    91.215.85.151

Attributes

  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff.dll

    • Size

      670KB

    • MD5

      bbcc8ce7492115e5970d0b47f9432f07

    • SHA1

      9514f33b0e0ce4814c422c754f5181a9337b6d4b

    • SHA256

      715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff

    • SHA512

      399b533f25317f0a83cc585929768908cbd09eff7a83a99afc2aa975b8a3dde2d02c450b6f5911ef2cff0ad9998673629fff0e59e6f562c0f49913611b0059fe

    • SSDEEP

      12288:fcmMRzyQI3Ng+k+f1EuzWrlKkI3I6SZk95VnedDBJhx0W:NMR+93k82uyr0zIfrD

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks