General

  • Target

    ef7ce2271f6d3600551511c22a3945bbb4ba9fb8

  • Size

    52KB

  • Sample

    230322-nrtl5sae3y

  • MD5

    be4e2a2324e6aa30b51fea2fb4e6bc78

  • SHA1

    ef7ce2271f6d3600551511c22a3945bbb4ba9fb8

  • SHA256

    00564cada64d7d055eb8b5c5b6d4c86ae4517352c41ee3d49abe0d3c75fe3ef3

  • SHA512

    a8e816dfd947dea598f8eaf72b2b4b9c60e19a381a399b2c9b76143d3ca0edbb0fbde4cbf0afdfe57adb009b06164f3cff1a3e6d4608d23ae7592fe5a8e0c54b

  • SSDEEP

    768:QqkeqVT05kGF8/E4wOefb+HhW4gIJq+YZKR8YkgeTJdMRhK3D1Gc0B:QDeqo8/Ehz4w4gIT9kgwJdMuD1GcM

Score
10/10

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7715

  • C2

    checklist.skype.com

    62.173.142.50

    31.41.44.87

    109.248.11.217

    212.109.218.151

    5.44.45.83

    62.173.142.81

    193.233.175.113

    109.248.11.184

    212.109.218.26

    185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      ef7ce2271f6d3600551511c22a3945bbb4ba9fb8

    • Size

      52KB

    • MD5

      be4e2a2324e6aa30b51fea2fb4e6bc78

    • SHA1

      ef7ce2271f6d3600551511c22a3945bbb4ba9fb8

    • SHA256

      00564cada64d7d055eb8b5c5b6d4c86ae4517352c41ee3d49abe0d3c75fe3ef3

    • SHA512

      a8e816dfd947dea598f8eaf72b2b4b9c60e19a381a399b2c9b76143d3ca0edbb0fbde4cbf0afdfe57adb009b06164f3cff1a3e6d4608d23ae7592fe5a8e0c54b

    • SSDEEP

      768:QqkeqVT05kGF8/E4wOefb+HhW4gIJq+YZKR8YkgeTJdMRhK3D1Gc0B:QDeqo8/Ehz4w4gIT9kgwJdMuD1GcM

    Score
    1/10
