General

  • Target

    server.exe

  • Size

    177KB

  • Sample

    230320-j5ye2aee8w

  • MD5

    88176d4cc232bd1aea81caaa0071174e

  • SHA1

    2d0a1593692ec9eeb8f33f48826539fbe8492d6d

  • SHA256

    6bff2ef434e07b1919cd17a3f47d1494764f3b5ac2449326ab8f0c53e1a7d3ee

  • SHA512

    65eaf077a641a189e07e9a890831aedc945876acaf995158218685a62fc2b147b57026f0e1e7e6fb08f1367af79f249edcabb8ffc15212d79951e6eac937968e

  • SSDEEP

    3072:85/nqdR3WDzhpezjJ8gWBziVjeBfTWSrc+:gqbaeBMOKMSrc

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
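The extracted config above carries everything needed for network detection: the server list, the URL base_path and the request extension. The following Python is an added example for this report, not code from Triage or from the sample. It turns the config into indicators and scans a few constructed proxy-log lines. The log line format, the SAMPLE_LOG entries and the severity labels are assumptions of the example. It also treats checklist.skype.com as a benign connectivity check rather than a C2, because Gozi/ISFB server lists habitually include a legitimate host that the bot contacts only to confirm it is online; blocking that hostname would produce false positives across the whole network.

```python
"""Build network indicators from the extracted Gozi config and scan proxy logs.

Added example for this report; not code from Triage or from the sample.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Values copied from the "Extracted" config above.
GOZI_CONFIG = {
    "family": "gozi",
    "botnet": "7715",
    "c2": [
        "checklist.skype.com",
        "62.173.142.81",
        "193.233.175.113",
        "109.248.11.184",
        "212.109.218.26",
        "185.68.93.7",
    ],
    "base_path": "/drew/",
    "build": "250255",
    "exe_type": "loader",
    "extension": ".jlk",
    "server_id": "50",
}

# Assumption: Gozi/ISFB server lists usually contain a legitimate host that the bot
# only uses to confirm it is online. Report it as context, do not block it.
CONNECTIVITY_CHECK_HOSTS = {"checklist.skype.com"}


@dataclass(frozen=True)
class Indicators:
    ips: frozenset        # C2 IP literals, normalised
    domains: frozenset    # C2 hostnames, lower-cased
    benign: frozenset     # connectivity-check hosts found in the C2 list
    path_re: re.Pattern   # matches base_path + <encoded blob> + extension


def build_indicators(cfg=GOZI_CONFIG) -> Indicators:
    """Split the C2 list into IPs, domains and benign hosts; derive the URL-path regex."""
    ips, domains, benign = set(), set(), set()
    for host in cfg["c2"]:
        host = host.strip().lower()
        if host in CONNECTIVITY_CHECK_HOSTS:
            benign.add(host)
            continue
        try:
            ips.add(str(ipaddress.ip_address(host)))
        except ValueError:
            domains.add(host)
    # Assumption about the family's URL shape: ISFB inserts '/' into the encoded request
    # blob so it looks like a directory tree, so slashes are allowed before the extension.
    path_re = re.compile(
        "^" + re.escape(cfg["base_path"]) + r"[^?#\s]+" + re.escape(cfg["extension"]) + "$"
    )
    return Indicators(frozenset(ips), frozenset(domains), frozenset(benign), path_re)


def classify_url(ind: Indicators, url: str) -> str:
    """Severity for one URL: high (C2 host and C2 path), medium (host only),
    low (path only, e.g. a server not yet in the list), info (benign check), none."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in ind.benign:
        return "info"
    host_hit = host in ind.ips or host in ind.domains
    path_hit = ind.path_re.match(parts.path) is not None
    if host_hit and path_hit:
        return "high"
    if host_hit:
        return "medium"
    if path_hit:
        return "low"
    return "none"


# Assumed log shape: "<epoch> <client-ip> <METHOD> <url>". Lines below are constructed.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

SAMPLE_LOG = [
    "1679300001.101 10.0.0.21 GET http://62.173.142.81/drew/Gg9_Ax1b/Q2.jlk",
    "1679300002.202 10.0.0.21 GET http://checklist.skype.com/",
    "1679300003.303 10.0.0.22 GET http://example.com/index.html",
    "1679300004.404 10.0.0.23 GET http://198.51.100.7/drew/ab/cd/ef.jlk",
    "1679300005.505 10.0.0.24 GET http://193.233.175.113/favicon.ico",
]


def scan_proxy_log(lines, ind=None):
    """Return (client, url, severity) for every line whose severity is not 'none'."""
    ind = ind or build_indicators()
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        sev = classify_url(ind, m["url"])
        if sev != "none":
            hits.append((m["client"], m["url"], sev))
    return hits


if __name__ == "__main__":
    for client, url, sev in scan_proxy_log(SAMPLE_LOG):
        print(f"{sev:6} {client:12} {url}")
```

The path-only "low" tier is the useful one operationally: the IP list in a single extraction is a snapshot, and a later build of the same botnet may rotate servers while keeping base_path and extension, so a request shaped like /drew/<blob>.jlk to an unlisted host is still worth a look.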

Targets

    • Target

      server.exe

    • Size

      177KB

    • MD5

      88176d4cc232bd1aea81caaa0071174e

    • SHA1

      2d0a1593692ec9eeb8f33f48826539fbe8492d6d

    • SHA256

      6bff2ef434e07b1919cd17a3f47d1494764f3b5ac2449326ab8f0c53e1a7d3ee

    • SHA512

      65eaf077a641a189e07e9a890831aedc945876acaf995158218685a62fc2b147b57026f0e1e7e6fb08f1367af79f249edcabb8ffc15212d79951e6eac937968e

    • SSDEEP

      3072:85/nqdR3WDzhpezjJ8gWBziVjeBfTWSrc+:gqbaeBMOKMSrc

    • Gozi

      Gozi (also tracked as Ursnif and ISFB) is a well-known and widely distributed banking trojan.
