General

  • Target

    server.exe

  • Size

    177KB

  • Sample

    230320-mfs1ssch72

  • MD5

    aa37b36ea7ba39b6c00ae1b01bada3f7

  • SHA1

    90545746e5b23fcdf7db1fa5c30588df2f4c31bf

  • SHA256

    a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7

  • SHA512

    1a3d446ab096e25b840c442356169333e10db16baa24d9f5842eddad4b8303dba3957310e1ba8545ebbb5379b7b1f84c3ca2957d3d29cd8ea85f014a9abe0772

  • SSDEEP

    3072:sKUXgTGIAmez+JQAxHun7YB5ahAWlS5UQjV:0gTfBfxAkBSAP5

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Note: checklist.skype.com is a legitimate Microsoft-owned hostname. Gozi/ISFB configs routinely carry a benign host in this list for connectivity checking, so treat the five IP addresses as the actionable C2 indicators and do not block or hunt on the Skype domain by itself.

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
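The extracted config is only useful once it is turned into something an analyst can run. The following is an added example, not part of the sandbox report or of any Gozi tooling: it copies the hashes, C2 list and HTTP attributes from the report verbatim, verifies a file against all four digests (a sample should match on every algorithm, not just MD5), separates the raw C2 IPs from the connectivity-check domain, and renders Suricata rules for the IPs and for the loader's request shape (URI path under base_path, ending in the configured extension). The benign allow-list, the rule wording and the sid range are assumptions made for the example.

```python
"""Checks and detections derived from the Gozi (ISFB) config in the report above.

Added example, not from the sandbox report. IOC values are copied from the
report; the allow-list, rule template and sid range are assumptions.
"""
import hashlib
import ipaddress

# --- IOCs copied verbatim from the report --------------------------------
REPORT_HASHES = {
    "md5": "aa37b36ea7ba39b6c00ae1b01bada3f7",
    "sha1": "90545746e5b23fcdf7db1fa5c30588df2f4c31bf",
    "sha256": "a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7",
    "sha512": "1a3d446ab096e25b840c442356169333e10db16baa24d9f5842eddad4b8303dba"
              "3957310e1ba8545ebbb5379b7b1f84c3ca2957d3d29cd8ea85f014a9abe0772",
}
C2_HOSTS = [
    "checklist.skype.com",
    "62.173.142.81",
    "193.233.175.113",
    "109.248.11.184",
    "212.109.218.26",
    "185.68.93.7",
]
BASE_PATH = "/drew/"   # config attribute base_path
EXTENSION = ".jlk"     # config attribute extension

# Assumption: legitimate hosts that Gozi configs carry as connectivity checks.
# They must never be blocked as C2; maintain this list per environment.
KNOWN_BENIGN = {"checklist.skype.com"}


def digests_of_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def digests_of_file(path) -> dict:
    """Same four digests for a file on disk, streamed in 1 MiB chunks."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matches_report(digests: dict) -> dict:
    """Compare per algorithm; 'all' is True only when every digest agrees."""
    per_algo = {algo: digests.get(algo, "").lower() == REPORT_HASHES[algo]
                for algo in REPORT_HASHES}
    per_algo["all"] = all(per_algo.values())
    return per_algo


def split_c2(hosts=C2_HOSTS, benign=KNOWN_BENIGN):
    """Return (ips, domains, dropped): raw IPs, real domains, benign hosts removed."""
    ips, domains, dropped = [], [], []
    for host in hosts:
        if host in benign:
            dropped.append(host)
            continue
        try:
            ipaddress.ip_address(host)
            ips.append(host)
        except ValueError:
            domains.append(host)
    return ips, domains, dropped


def suricata_rules(ips, domains, sid_base=9000001):
    """Render Suricata rules for the C2 hosts and the loader's URI shape (assumed sids)."""
    rules, sid = [], sid_base
    for ip in ips:
        rules.append(f'alert ip $HOME_NET any -> {ip} any (msg:"Gozi/ISFB botnet 7715 C2 IP"; '
                     f'classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    for dom in domains:
        rules.append(f'alert dns $HOME_NET any -> any any (msg:"Gozi/ISFB botnet 7715 C2 domain"; '
                     f'dns.query; content:"{dom}"; nocase; classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    # Loader requests use a path under base_path that ends in the configured extension.
    rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Gozi/ISFB loader URI '
                 f'{BASE_PATH}*{EXTENSION}"; flow:established,to_server; http.uri; '
                 f'content:"{BASE_PATH}"; startswith; content:"{EXTENSION}"; endswith; '
                 f'classtype:trojan-activity; sid:{sid}; rev:1;)')
    return rules


if __name__ == "__main__":
    import sys
    ips, domains, dropped = split_c2()
    print("dropped as benign connectivity check:", dropped)
    print("\n".join(suricata_rules(ips, domains)))
    if len(sys.argv) > 1:  # optional: verify a file on disk against the report
        print(matches_report(digests_of_file(sys.argv[1])))
```

Run with no arguments to print the rule set; pass a file path to compare it against the report's four digests. The `endswith` modifier on the URI assumes the loader does not append a query string, which matches the config shown here; loosen it if captured traffic says otherwise.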

Targets

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a long-running, widely distributed banking trojan and loader. The config extracted above identifies this sample as a loader build (exe_type loader, build 250255) for botnet 7715, with C2 requests shaped by the base_path /drew/ and the .jlk request extension.
