General

  • Target

    Organizzazione783.zip

  • Size

    521B

  • Sample

    230322-qb3wzsag9w

  • MD5

    e14ce4c0a68cfec0a9fafd24508a0319

  • SHA1

    f4a70cd3afe7574ec5277a708ecbc8d1d86ad7bf

  • SHA256

    599955669f11878d82c9a589193a8a849dd8ac6e8a5e3d6c7ef8147ae0538868

  • SHA512

    e4b9d7d6d1a6725cbf1d55b744cedc4a6a9a3a1ac6156e54ed2157d36dedb2c6be0d4cf6936512db1ff2ef3eacadefae97a9db647de0a0bbef85377dab7e510c

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Target

      Organizzazione/Organizzazione.url

    • Size

      194B

    • MD5

      7223cc1975393443d4d161492d0f932e

    • SHA1

      2fc8c648559e862b3191088450781b5d33debd5f

    • SHA256

      ec178c6a29aa42213ac7287e45d8378632e145ef650dd5734f247129bd364dbb

    • SHA512

      5c5eec290b156c760c44dd9b7162a5cf9e3f2f4e1f9ef494dcbf5ef2f12fd51801b1170b36f39ab2342467f7701bfe4bd292b7cd5418c4b87717e7abfc31ef5a

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks