General

  • Target

    server.exe

  • Size

    321KB

  • Sample

    230309-sre6zabh7x

  • MD5

    97fb58dffaa57c59301b9680f331a3c7

  • SHA1

    6cd4f85a01c230ebc8feecddaf58e9d605beab2f

  • SHA256

    957b7f7039ef6b3c84f374b6b602466cb196e50e477a37e012423b7a9d72aa7f

  • SHA512

    2ff2472b40571103eb3df3060099258dc89e47bcbf460d4c1107f61010596a269c20cb7d143ea362c00533edd211694fa690337407c7851de1305811981599d9

  • SSDEEP

    3072:CLuI+rRtX63Lz0a/qCaBjus/kMuUQ1GwINU77sDm/lG3bWphFHtUyCXC/OF:Jra3Lzjq/hkhtgUnsa/liSVtTe

Malware Config

Extracted

Family

gozi

Botnet

7710

C2


Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks