General
Target: server.exe
Size: 359KB
Sample: 230322-qxyjdsha78
MD5: 25e762ad2877486c04a25445349db8fc
SHA1: 6662403f2eba78717fff8a7d135875daaeb3c4fa
SHA256: 714c9d8e64376bcc4cd7ed89b448e256144c40e1e6705a686dabf201d3bdfb74
SHA512: 9cf03d8154f6a7bfc32a589011e6d98312682193356093ea8cb4d050384d9da5a8e5fc48705e6bb5af94f7475e5dfe0ef9d44dbeec5e734b0bb1d7ba8c4ab0bc
SSDEEP: 3072:5PydlH0r1a3j4YI/ttvi/fHPlWsGJmog5hmSzaNxAY1jJJ:g86I//EvlWso8kkaXAu
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20230220-en
Malware Config
Extracted
gozi
7715
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50