General

  • Target

    server.exe

  • Size

    300KB

  • Sample

    230316-g4a71ahd29

  • MD5

    a4071382a33bb9fa55ff8bf8b111bc39

  • SHA1

    4eb7f936efe97a88aad9d38452829cd63a3624b2

  • SHA256

    04234564fe449d51f7e685455fcfafb3b7721a0b7d1551e3a370f579a3530e04

  • SHA512

    43a54adc868158e342419a4102e4a58a7556a2670f65991a4b71a23ccdc881edd30919a42dfcd2f8730d4e2117663936ea345dc467b43ebb7d48154fb792a19b

  • SSDEEP

    3072:HntJSBTLHSkg+3ukUWAKi1KPx5pZziCtyF4kWzbmgkONlfQKH:HtJQL1737AKwKJ5pZziB4kvIj

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7714

C2

checklist.skype.com

5.44.43.17

31.41.44.108

62.173.138.213

109.248.11.174

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks