General
Target: server.exe
Size: 300KB
Sample: 230316-g4a71ahd29
MD5: a4071382a33bb9fa55ff8bf8b111bc39
SHA1: 4eb7f936efe97a88aad9d38452829cd63a3624b2
SHA256: 04234564fe449d51f7e685455fcfafb3b7721a0b7d1551e3a370f579a3530e04
SHA512: 43a54adc868158e342419a4102e4a58a7556a2670f65991a4b71a23ccdc881edd30919a42dfcd2f8730d4e2117663936ea345dc467b43ebb7d48154fb792a19b
SSDEEP: 3072:HntJSBTLHSkg+3ukUWAKi1KPx5pZziCtyF4kWzbmgkONlfQKH:HtJQL1737AKwKJ5pZziB4kvIj
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7714
checklist.skype.com
5.44.43.17
31.41.44.108
62.173.138.213
109.248.11.174
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50