General

  • Target

    server.exe

  • Size

    359KB

  • Sample

    230322-pxbtysgg82

  • MD5

    72d3165bec2032972336aa6e3fa5fbfb

  • SHA1

    76005704232b27e2dbdd14df990b204e90e0cf81

  • SHA256

    541a131186c7861caf0517567d8c6208f2f95712b637a488ac6fbbfe7756efdc

  • SHA512

    3c1e53806895eaec53737822042f3189c9b8ac60d9dc685e1051a343f3c457969ac59801cb7ad5acc5ef57def6c67637e888cc091a84ed1aa8204e0f2011e521

  • SSDEEP

    3072:i+VtlxQDPB9j4Y9pHYl/hH9F2xC0JY7UY0mHIy6LKFWVNcGcJJaJJ:hKJ9xEX2xaWmYLKMN+JJ
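Checking a file against the hashes listed above is the first thing a responder does with a report like this. The following is an added example, not part of the report or of any sandbox tooling: it computes the four digests in one streaming pass and only reports a match when every digest agrees, so a single agreeing MD5 (transcription error or collision) is not mistaken for a hit. The hash values are copied from the General section; everything else is assumed for the example.

```python
import hashlib

# Digests of server.exe exactly as listed in the report above.
REPORT = {
    "md5": "72d3165bec2032972336aa6e3fa5fbfb",
    "sha1": "76005704232b27e2dbdd14df990b204e90e0cf81",
    "sha256": "541a131186c7861caf0517567d8c6208f2f95712b637a488ac6fbbfe7756efdc",
    "sha512": "3c1e53806895eaec53737822042f3189c9b8ac60d9dc685e1051a343f3c457969ac59801cb7ad5acc5ef57def6c67637e888cc091a84ed1aa8204e0f2011e521",
}
ALGORITHMS = tuple(REPORT)


def hash_bytes(data: bytes) -> dict:
    """All four digests over an in-memory buffer (carved payloads, small files)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """All four digests in a single streaming read of a file on disk."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def compare_to_report(hashes: dict) -> dict:
    """Per-algorithm comparison against the report; hex case is ignored."""
    return {alg: hashes.get(alg, "").lower() == REPORT[alg] for alg in ALGORITHMS}


def is_known_sample(hashes: dict) -> bool:
    """True only when every digest agrees.

    A partial match (say, MD5 agrees but SHA256 does not) means a copy error
    or a collision and must not be treated as a positive identification."""
    return all(compare_to_report(hashes).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, "matches report" if is_known_sample(hash_file(p)) else "no match")
```

The SSDEEP value is not checked here because fuzzy hashing is not in the standard library; the python-ssdeep binding (`ssdeep.hash_from_file`, `ssdeep.compare`) can be added for similarity scoring of repacked variants.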

Malware Config

Extracted

  • Family

    gozi

  • Botnet

    7715

  • C2

    checklist.skype.com
    62.173.142.50
    31.41.44.87
    109.248.11.217
    212.109.218.151
    5.44.45.83
    62.173.142.81
    193.233.175.113
    109.248.11.184
    212.109.218.26
    185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain
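The extracted config gives two kinds of network indicator: the C2 hosts and addresses, and the request-path shape (base_path plus extension) the loader uses. The block below is an added example of detection logic over proxy logs; it is not part of the report. The log format and the log lines are constructed for the example. The beacon URI pattern (base_path, one or more path components, then the extension) is an assumption about how the request path is built; the report states only base_path and extension. One caveat is built in: checklist.skype.com is listed as C2 but sits under a legitimate domain, so a bare hostname hit is scored low rather than treated as a confirmed beacon.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Network indicators from the extracted config above.
C2_HOSTS = {"checklist.skype.com"}
C2_IPS = {ipaddress.ip_address(a) for a in (
    "62.173.142.50", "31.41.44.87", "109.248.11.217", "212.109.218.151",
    "5.44.45.83", "62.173.142.81", "193.233.175.113", "109.248.11.184",
    "212.109.218.26", "185.68.93.7",
)}
BASE_PATH = "/drew/"
EXTENSION = ".jlk"

# ASSUMPTION: requests look like <base_path><encoded components><extension>.
# The report gives only base_path and extension; the middle part is inferred.
BEACON_URI = re.compile(
    r"^" + re.escape(BASE_PATH) + r"[A-Za-z0-9_\-/]+" + re.escape(EXTENSION) + r"$"
)

# Listed as C2, but under a legitimate domain: a bare hit is weak evidence.
WEAK_HOSTS = {"checklist.skype.com"}

# Constructed proxy log (not from the report): "<ts> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2023-03-22T10:00:01Z 10.0.0.5 GET http://checklist.skype.com/ 200
2023-03-22T10:00:02Z 10.0.0.5 GET http://62.173.142.50/drew/Ab9Q2/x_K1s.jlk 200
2023-03-22T10:00:03Z 10.0.0.7 GET http://www.example.com/index.html 200
2023-03-22T10:00:04Z 10.0.0.9 POST http://cdn.example.net/drew/upload/data.jlk 403
2023-03-22T10:00:05Z 10.0.0.9 GET http://185.68.93.7:8080/ 503
"""


def classify_url(url: str) -> list:
    """Return the indicator types one URL matches, always in the same order."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()      # .hostname strips any port
    reasons = []
    if host in C2_HOSTS:
        reasons.append("c2_host")
    try:
        if ipaddress.ip_address(host) in C2_IPS:
            reasons.append("c2_ip")
    except ValueError:
        pass                                   # host is a name, not an address
    if BEACON_URI.match(parts.path):
        reasons.append("beacon_uri")
    return reasons


def confidence(reasons: list, host: str) -> str:
    """High when a C2 address or the beacon path is involved; low for a weak host alone."""
    if not reasons:
        return "none"
    if reasons == ["c2_host"] and host in WEAK_HOSTS:
        return "low"
    return "high"


def scan(log_text: str) -> list:
    """Scan log lines and return one finding per request that matches anything."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 5:
            continue                           # malformed line: skip, do not crash
        client, url = fields[1], fields[3]
        reasons = classify_url(url)
        if reasons:
            host = (urlsplit(url).hostname or "").lower()
            findings.append({"line": n, "client": client, "url": url,
                             "reasons": reasons,
                             "confidence": confidence(reasons, host)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Port-carrying destinations (line 5 in the sample) still match because the address comparison is done on the parsed hostname, and a path hit on an unknown host (line 4) is reported on its own, which is how a new C2 address that is not yet in the config would surface.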

Targets

    • Target

      server.exe

    • Gozi

      Gozi (also tracked as Ursnif/ISFB) is a well-known and widely distributed banking trojan; the extracted config above identifies this sample as the loader component.
