General

  • Target

    server.exe

  • Size

    360KB

  • Sample

    230322-nwqfaage82

  • MD5

    78b4ac76b3261a6ac4a94a868e39ac25

  • SHA1

    0ea51d3d2032630bf53252657f0ff856ff0ee690

  • SHA256

    97fcb2199876005f3e4db6aa7280b15cd59dfe0b99c1fc0e722adb31f0d2e6b4

  • SHA512

    b490d945fbc96d08c33bfb020bfcedf542e90ec9018fa588303e0743e92a1e5a0d1d095a2b2394cdd754709f71396a828339f8ab78d830a2865e920d3756180a

  • SSDEEP

    3072:jyjrlS0bY/04BjuajiKAOSAjhKmj03oXGjyaFgE92ZP+4Ysd8BAmgwn0JV:nV0am9efOyad9L4Y3R

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks