Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/03/2023, 14:05
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20230220-en
1 signatures
150 seconds
General
Target: server.exe
Size: 178KB
MD5: 386839452984e2eda4151746d57ea19b
SHA1: b9c43085f6b63db8a02b4764c4d75699efa9d074
SHA256: f139bc8f71a483ba058e2577ef5952b85a74cebd302632a121e4bbc0d96bb953
SHA512: 9a2dd73db8c62f891084d4c47d3edceb2f7eae0113374e9c89d3670dbcb21c98f032b603109a7cad859ad7f3f0c00367e295a8436e3d9749b9ddfe2395151b0d
SSDEEP: 3072:tQPCdvNZmiJN2CE91O6lbP+pnW6ya2wPAnBb4:SavnKO6lz6Tyatw
Malware Config
Extracted
Family: gozi
Botnet: 7715
C2:
checklist.skype.com
62.173.142.81
193.233.175.113
109.248.11.184
212.109.218.26
185.68.93.7
Attributes
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
rsa_pubkey.plain
aes.plain
Extracted
Family: gozi