General

  • Target

    Azienda.zip

  • Size

    479B

  • Sample

    230320-nt1s8sfc8x

  • MD5

    7a92269fe67042883d7a4082076a9c4a

  • SHA1

    76ba658ed389af9863b97a61aed7103c7a6045dc

  • SHA256

    aadf94d677fc0710a44b7452368a04c791c154ee644147b58068a00711d98723

  • SHA512

    572c00d10000449f1a52681c502bc38cd9517a747330dd29e0c301eda0c14c690ac65a56913815c85e6bbfebb7857d5769ce382dacca6204fc3ce591a6ca6001

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Target

      Azienda/Azienda.url

    • Size

      194B

    • MD5

      bde4ba445d37e5645bde6b7b14f7a2d4

    • SHA1

      377244e0df6359a2a913753fb2f3600a770dc965

    • SHA256

      15224adeae393be5d06378ed32605d677e8c529a395f9bf2ade9b0163d886c49

    • SHA512

      b7ffa8d40f900a6a5409c481a2a25b63f219137a937f3ea188164c19340d333178eba1e237fce483e75f41d62a08c123bb713e2018152cf0e61ac961642de951

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v6

Tasks