General

  • Target: Funzioni237.zip
  • Size: 485B
  • Sample: 230322-qb3wzsgh72
  • MD5: c251ceceb7a32f7ff839635b18c0c97e
  • SHA1: 5ef4bd64808926101c1de5c4208604584cc69b2b
  • SHA256: 9e33623ce66d8c4154af374dbea6ad918d26f7aef0a0bef9591ca79351c68542
  • SHA512: f667c33c6bdcd3095cd13d0d374a295e2432f6b3deb340709041acb5f33a8e9b9a89daa0ea6dfe11f6f49f6a258197580035ede012308ef4c76aeffcc071027c

Malware Config

Extracted

  • Family: gozi
  • Botnet: 7715

C2

Attributes

  • base_path: /drew/
  • build: 250255
  • exe_type: loader
  • extension: .jlk
  • server_id: 50

rsa_pubkey.plain
aes.plain

Extracted

  • Family: gozi

Targets

    • Target: Funzioni/Funzioni.url
    • Size: 194B
    • MD5: 1b6b88b4f8da87f1524d77166c9a01dd
    • SHA1: a4abf24eda19bf997e2de103c6d0cb3675f225e0
    • SHA256: 5ed9e8b1e7ca4c6ecce0929514d0f195d4202809a3e933e06f2af0f7eba53d8b
    • SHA512: 5de1d7a44aa0cea83bc48feaadb712779f1971878d839ab0cf1c310cc40391ea0c6660a939a90c94a1d1f4f5a465bbd746533c3f34b68f2bde5a8d0ed883d04d

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Enterprise v6

Tasks