General

  • Target

    server.exe

  • Size

    177KB

  • Sample

    230320-mb8wfseh6y

  • MD5

    68d4bfeb87777e1c8766088077822341

  • SHA1

    b7d12612d8ef6aa44b1bcbdea0e6979769841300

  • SHA256

    308110773533c5740fd92d77094da83152f98230cd9635bc8f7dcd7dce910c75

  • SHA512

    46b0249e5aad3aca132ccb94ecae032dc1fbcf2aab4119a9f9c9714c3e58d9327b4d463cd52efac7c52039616dd257c1c06aece29b6f18cc7423a11aad7e241c

  • SSDEEP

    3072:MB324Mujr+zpEwSQCah3vidXxwz45BGyEG:F4vDwSxOWxwU5BG

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Target

      server.exe

    • Size

      177KB

    • MD5

      68d4bfeb87777e1c8766088077822341

    • SHA1

      b7d12612d8ef6aa44b1bcbdea0e6979769841300

    • SHA256

      308110773533c5740fd92d77094da83152f98230cd9635bc8f7dcd7dce910c75

    • SHA512

      46b0249e5aad3aca132ccb94ecae032dc1fbcf2aab4119a9f9c9714c3e58d9327b4d463cd52efac7c52039616dd257c1c06aece29b6f18cc7423a11aad7e241c

    • SSDEEP

      3072:MB324Mujr+zpEwSQCah3vidXxwz45BGyEG:F4vDwSxOWxwU5BG

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks