General

  • Target

    server.exe

  • Size

    359KB

  • Sample

    230322-kjqczafg74

  • MD5

    97653330273d8047448ce5199af7d83f

  • SHA1

    375d5849a8703165a6935074ae7925c27bdc01c6

  • SHA256

    4a1ceb484536bd1fe3da65c76d7ec161d06190960e1623dfc89c444fa4b4fde0

  • SHA512

    c0be483c83e7558153fa3fcad6406f0fc71764b2af553c409a08850e253183692c2e58d7be27debf56bd99166cc80bdbbbddf50fbcc426c0cb75a2dceaa0fb32

  • SSDEEP

    3072:1zd4lngW/Yx4ujuaatQNb5AAQG/TuSn4G+btjGWHAoGAVQgwn0F:GvYLsC1MSv8xHGP

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      server.exe

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
