General

  • Target: server.exe
  • Size: 360KB
  • Sample: 230322-knq53afh25
  • MD5: b1c298b78d5b5171178929f85748d1dd
  • SHA1: 624ca4497e5ed1c622d9b077e1c99316f42f3d21
  • SHA256: 0c34693df38fb1cfe4eb93a2e52f6d41444ad40d852224be14243dabe745ed4c
  • SHA512: ceb80554dae0bcdd2aa6422ba602ec7292cf1f3be49c62f7d00603a7dcf40e017881305fb8354e66725c4e96d387a52b08545b100a8a6a4af2c3bc8a05767b15
  • SSDEEP: 3072:h/cWlzoO/HiajuamcLRXhAfBze/mc8yNPFAsWdlS1t7taCAgwn0F:lnHXhlYVeh8SEjM4/

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 7715
  • C2:
      checklist.skype.com
      62.173.142.50
      31.41.44.87
      109.248.11.217
      212.109.218.151
      5.44.45.83
      62.173.142.81
      193.233.175.113
      109.248.11.184
      212.109.218.26
      185.68.93.7

Attributes

  • base_path: /drew/
  • build: 250255
  • exe_type: loader
  • extension: .jlk
  • server_id: 50

rsa_pubkey.plain
aes.plain

Targets

    • Target: server.exe
    • Size: 360KB
    • MD5: b1c298b78d5b5171178929f85748d1dd
    • SHA1: 624ca4497e5ed1c622d9b077e1c99316f42f3d21
    • SHA256: 0c34693df38fb1cfe4eb93a2e52f6d41444ad40d852224be14243dabe745ed4c
    • SHA512: ceb80554dae0bcdd2aa6422ba602ec7292cf1f3be49c62f7d00603a7dcf40e017881305fb8354e66725c4e96d387a52b08545b100a8a6a4af2c3bc8a05767b15
    • SSDEEP: 3072:h/cWlzoO/HiajuamcLRXhAfBze/mc8yNPFAsWdlS1t7taCAgwn0F:lnHXhlYVeh8SEjM4/
    • Gozi: Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks