General

  • Target: 640a1fe083711[1].tar.zip
  • Size: 359KB
  • Sample: 230309-xa6ptahf87
  • MD5: d638fa0ac510220859a7ed9eb7b1abde
  • SHA1: 17d07f18fa9982556364a3bfc8937b2a548a73f7
  • SHA256: f7ecbe51adcdb9d89535b9a5bbfa0be08867eeaa0b12cf7f43f66d797a909741
  • SHA512: 9ca8e9156c73813013e71ab69eec040dc8cf08b716c6b6e7694203d3c86b1c7cdd0aa3f2d47896a32f20bc3a5efe1d8e367d986025bb408c91b194767b1004d1
  • SSDEEP: 6144:Yh47alh1NTLXSEhbK2P1ZbTTXB831hwArT8+s+FvwGyYaCSYmM0HWgwAJIZdUrB5:mia5FTSeK2P1d3ec4XsU9JdSYJ0HWgBr

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 5050
  • C2:
      https://config.edge.skype.com
      157.254.195.117
      91.215.85.151

Attributes
  • base_path: /jerry/
  • build: 250255
  • exe_type: loader
  • extension: .bob
  • server_id: 50

rsa_pubkey.plain
aes.plain

Targets

    • Target: 640a1fe083711[1].tar
    • Size: 670KB
    • MD5: bbcc8ce7492115e5970d0b47f9432f07
    • SHA1: 9514f33b0e0ce4814c422c754f5181a9337b6d4b
    • SHA256: 715cd8f5ce329b92ed0361a50ce7cc90e7b34746380542c040b85d09d3a4fcff
    • SHA512: 399b533f25317f0a83cc585929768908cbd09eff7a83a99afc2aa975b8a3dde2d02c450b6f5911ef2cff0ad9998673629fff0e59e6f562c0f49913611b0059fe
    • SSDEEP: 12288:fcmMRzyQI3Ng+k+f1EuzWrlKkI3I6SZk95VnedDBJhx0W:NMR+93k82uyr0zIfrD
    • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks