General

  • Target

    Agenzia_Entrate597.zip

  • Size

    527B

  • Sample

    230322-qb5qksah2s

  • MD5

    ae0ae380b1707b948a4cbc8b3c4384f0

  • SHA1

    f68a46f7f3d2a053da202fa0f8055094b7c3b051

  • SHA256

    6e860515c58f9a90db038b974bd259580c5dc35d504085e9928ab7fcec56ec10

  • SHA512

    7bba9c667e6562bce4cadad36f4908502c7873b0373c34c2c4e5d03d3df3b81363e0c06338b134b139b05032e03bb1be1c6892e215b6836027b878683601294c

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
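The extracted config above (botnet 7715, base_path /drew/, extension .jlk, ten C2 IPs and one hostname) is the part of this report a defender can act on directly. The script below is an added example, not code from the sandbox or the report: it turns those values into a proxy-log check and shows the one caveat worth remembering, which is that checklist.skype.com is a Microsoft-owned host that Gozi configs carry as a connectivity check, so a request to it alone must not be treated as a hit. Assumptions: the log lines, the five-field log layout, and the list of benign suffixes are all constructed for the example; the URI shape (base_path, then encoded path segments, then the extension) is the general Gozi loader pattern, not something the page itself spells out.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Values copied from the extracted config on this page.
GOZI_CONFIG = {
    "botnet": "7715",
    "build": "250255",
    "server_id": "50",
    "base_path": "/drew/",
    "extension": ".jlk",
    "c2": [
        "checklist.skype.com",
        "62.173.142.50", "31.41.44.87", "109.248.11.217",
        "212.109.218.151", "5.44.45.83", "62.173.142.81",
        "193.233.175.113", "109.248.11.184", "212.109.218.26",
        "185.68.93.7",
    ],
}

# Assumption: Microsoft-owned names in a Gozi C2 list are connectivity
# checks, so traffic to them is not evidence of infection on its own.
BENIGN_SUFFIXES = ("skype.com", "microsoft.com")

# Constructed proxy log: "<ts> <client> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def split_c2(c2_hosts):
    """Partition the C2 list into (ip literals, real domains, benign decoys)."""
    ips, domains, benign = set(), set(), set()
    for host in c2_hosts:
        try:
            ipaddress.ip_address(host)
            ips.add(host)
            continue
        except ValueError:
            pass
        if any(host == s or host.endswith("." + s) for s in BENIGN_SUFFIXES):
            benign.add(host)
        else:
            domains.add(host)
    return ips, domains, benign


def classify_request(url, config, parts):
    """Return 'high', 'medium', 'low' or None for one request URL."""
    ips, domains, benign = parts
    split = urlsplit(url)
    host = (split.hostname or "").lower()
    path = split.path or "/"
    host_hit = host in ips or host in domains
    # Gozi loader URIs start with base_path and end with the configured extension.
    path_hit = path.startswith(config["base_path"]) and path.endswith(config["extension"])
    if host_hit and path_hit:
        return "high"          # configured C2 plus Gozi-shaped URI
    if host_hit:
        return "medium"        # configured C2, any URI
    if host in benign and path_hit:
        return "medium"        # decoy host, but the URI matches the config
    if path_hit:
        return "low"           # URI shape only; noisy, review manually
    return None                # includes bare requests to the decoy host


def scan_log(lines, config=GOZI_CONFIG):
    """Parse constructed proxy lines and return (client, url, verdict) hits."""
    parts = split_c2(config["c2"])
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue             # skip malformed lines instead of raising
        verdict = classify_request(m["url"], config, parts)
        if verdict:
            hits.append((m["client"], m["url"], verdict))
    return hits


# Constructed sample log; the hosts come from the config, the paths are invented.
SAMPLE_LOG = [
    "2023-03-22T10:01:02Z 10.0.0.12 GET http://62.173.142.50/drew/kG3xQ/_2BzR1.jlk 200",
    "2023-03-22T10:01:03Z 10.0.0.12 GET http://checklist.skype.com/ 200",
    "2023-03-22T10:02:10Z 10.0.0.33 GET http://185.68.93.7/ 200",
    "2023-03-22T10:03:00Z 10.0.0.44 GET https://www.example.com/drew/report.jlk 200",
    "2023-03-22T10:04:00Z 10.0.0.55 GET https://www.example.com/index.html 200",
    "this line is not a proxy record",
]

if __name__ == "__main__":
    for client, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:<6} {client:<10} {url}")
```

Running it flags the first line as high (C2 IP and /drew/…/*.jlk), the 185.68.93.7 request as medium, and the example.com request as low; the bare request to checklist.skype.com produces nothing. Swap LOG_RE for your own proxy format and feed the config values from a fresh report to reuse the check.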

Extracted

Family

gozi

Targets

    • Target

      Agenzia_Entrate/Agenzia_Entrate.url

    • Size

      194B

    • MD5

      2e3efd45e12ebbb0307c66f9846db315

    • SHA1

      ca9308c31a6bf36a784f6cf52396c7c66ae4a2db

    • SHA256

      ef74e678ded46b0d5f69622154c95e5ea9f053cc9d0d47e10ca7b19a2b3e5981

    • SHA512

      24b8355fd77b7894184b34319f2a735c76cd8dd1a12525777b179e92b74e2cb46ea733d39ce2cca068fd1f95834ceab951c8b2d2ee0c6e1c17e80610c6842f0d

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

MITRE ATT&CK Enterprise v6

Tasks