General

  • Target

    server.exe

  • Size

    177KB

  • Sample

    230320-kxwrxacf38

  • MD5

    b464a776c70edbd27af4b57cda69071e

  • SHA1

    ba889d743dd798bfea074c7d253adf8f14806d45

  • SHA256

    d20bdec1d1c63d93bccf249fc8a64db3998f6eb5aef27029ff03cbec9e98d3b5

  • SHA512

    cce35723d7529bd86016d58dd50d917533ae365e56505f105f22da72f670fd80601492637db53fa37e4596df64f828e0ef3962c8e51414b4720104c41aa0d361

  • SSDEEP

    3072:zTUXgTGIAmUzEoweOIWEmSGO5k8FSXMfE7M:MgTfnowbik7MO

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
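The extracted config above is enough to turn this report into hunt logic without the sample itself: Gozi/ISFB loaders beacon with HTTP requests to one of the C2 hosts, under base_path and ending in the configured extension. The script below is an added example, not part of the sandbox report or of any extractor's output. It copies the config values from this page, splits the C2 list into IPs and domains, builds a URI regex from base_path and extension, and runs it over a constructed, simplified proxy log. It assumes checklist.skype.com is a benign connectivity-check host (a legitimate Microsoft hostname that Gozi configs commonly carry), so a plain request to it is not reported on its own.

```python
"""Hunt logic built from the extracted Gozi config in the report above.

Added example, not the sandbox's or any project's code. Beacon URI shape
(<C2>/<base_path>/<opaque blob><extension>) and the proxy-log format are
assumptions; the log lines are constructed, not taken from the report.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Values copied from the "Malware Config" section of the report.
CONFIG = {
    "family": "gozi",
    "botnet": "7715",
    "c2": [
        "checklist.skype.com",
        "62.173.142.81",
        "193.233.175.113",
        "109.248.11.184",
        "212.109.218.26",
        "185.68.93.7",
    ],
    "base_path": "/drew/",
    "build": "250255",
    "exe_type": "loader",
    "extension": ".jlk",
    "server_id": "50",
}

# Assumption: a legitimate hostname the loader only uses to confirm it is
# online. Not attacker infrastructure, so never alert or block on it alone.
BENIGN_CHECK_HOSTS = {"checklist.skype.com"}


@dataclass
class Iocs:
    c2_ips: set[str]
    c2_domains: set[str]
    uri_pattern: re.Pattern
    benign: set[str] = field(default_factory=set)


def build_iocs(cfg: dict) -> Iocs:
    """Split the C2 list into IPs and domains; derive the beacon URI regex."""
    ips: set[str] = set()
    domains: set[str] = set()
    for host in cfg["c2"]:
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host.lower())
    base = re.escape(cfg["base_path"].rstrip("/"))
    ext = re.escape(cfg["extension"])
    # Matches e.g. /drew/<opaque blob>.jlk, with or without a query string.
    pattern = re.compile(rf"^{base}/[^?\s]+{ext}(?:$|\?)", re.IGNORECASE)
    return Iocs(ips, domains, pattern, benign=BENIGN_CHECK_HOSTS & domains)


@dataclass
class Hit:
    line_no: int
    host: str
    reason: str


def scan_proxy_log(lines: list[str], iocs: Iocs) -> list[Hit]:
    """Constructed log format: '<timestamp> <src_ip> <method> <url> <status>'."""
    hits: list[Hit] = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than guess
        u = urlsplit(parts[3])
        host = (u.hostname or "").lower()
        uri_hit = bool(iocs.uri_pattern.match(u.path))
        if host in iocs.benign:
            # Only the URI shape is suspicious here, not the host itself.
            if uri_hit:
                hits.append(Hit(n, host, "beacon-shaped URI to benign check host"))
        elif host in iocs.c2_ips or host in iocs.c2_domains:
            hits.append(Hit(n, host, "C2 host + beacon URI" if uri_hit else "C2 host"))
        elif uri_hit:
            hits.append(Hit(n, host, "beacon URI on unknown host"))
    return hits


SAMPLE_LOG = [  # constructed for the example; not from the report
    "2023-03-20T10:00:01Z 10.0.0.5 GET http://checklist.skype.com/ 200",
    "2023-03-20T10:00:02Z 10.0.0.5 GET http://62.173.142.81/drew/h3Kq9x2L_aB.jlk 200",
    "2023-03-20T10:00:03Z 10.0.0.5 GET http://185.68.93.7/images/logo.png 404",
    "2023-03-20T10:00:04Z 10.0.0.5 GET http://cdn.example.net/drew/payload.jlk 200",
    "2023-03-20T10:00:05Z 10.0.0.5 GET https://www.example.com/index.html 200",
]


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG, build_iocs(CONFIG)):
        print(f"line {h.line_no}: {h.host} -> {h.reason}")
```

The three reasons are deliberately distinct: a hit on a listed IP is an indicator match regardless of path, a beacon-shaped URI on an unlisted host is worth a look because Gozi operators rotate C2 hosts while keeping base_path and extension per build, and traffic to the benign check host is only escalated when it carries the beacon URI shape.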

Extracted

Family

gozi

Targets

    • Target

      server.exe

    • Size

      177KB

    • MD5

      b464a776c70edbd27af4b57cda69071e

    • SHA1

      ba889d743dd798bfea074c7d253adf8f14806d45

    • SHA256

      d20bdec1d1c63d93bccf249fc8a64db3998f6eb5aef27029ff03cbec9e98d3b5

    • SHA512

      cce35723d7529bd86016d58dd50d917533ae365e56505f105f22da72f670fd80601492637db53fa37e4596df64f828e0ef3962c8e51414b4720104c41aa0d361

    • SSDEEP

      3072:zTUXgTGIAmUzEoweOIWEmSGO5k8FSXMfE7M:MgTfnowbik7MO

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan. The extracted config marks this sample as exe_type loader, i.e. the first-stage component that contacts the C2 hosts listed above to retrieve the next stage, requesting URLs under base_path /drew/ that end in the .jlk extension. The first C2 entry, checklist.skype.com, is a legitimate Microsoft-owned hostname that Gozi configs commonly carry as a connectivity check; treat the five IP addresses as the actionable indicators.
