General

  • Target

    tAF8C.svg

  • Size

    339KB

  • Sample

    230316-q3nw5sdd4v

  • MD5

    ff02fe5d16d3abcbef7b17ee384e734f

  • SHA1

    7796e4d639823bb80fe94af55abc037c8c06c35c

  • SHA256

    0f5c83fb5172a5ea04a023ef355d274f7572e0d294be6f9664d1d3bd8540fdcf

  • SHA512

    1bfc68a18ba0fa1f4b94891fb280c36480471b43fb6e3d1e715e378a71b3d0482dba5530577ee87e35ef90ffec21935d22383acc010f439bcc0ff6d8bfd2d087

  • SSDEEP

    6144:yFkcequUUnJqlXp8qm6SUbWNGhw2/K6786TEnCAIpi9MxipEl7BuHBTpOdNPIGA3:wkXG58L6foMbGB

Malware Config

Extracted

  • Family

    gozi

Extracted

  • Family

    gozi

  • Botnet

    5050

  • C2

    https://config.edge.skype.com

    157.254.195.117

    91.215.85.172

Attributes
  • base_path

    /jerry/

  • build

    250255

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets


    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks