General

  • Target: server.exe
  • Size: 359KB
  • Sample: 230322-qxyjdsha78
  • MD5: 25e762ad2877486c04a25445349db8fc
  • SHA1: 6662403f2eba78717fff8a7d135875daaeb3c4fa
  • SHA256: 714c9d8e64376bcc4cd7ed89b448e256144c40e1e6705a686dabf201d3bdfb74
  • SHA512: 9cf03d8154f6a7bfc32a589011e6d98312682193356093ea8cb4d050384d9da5a8e5fc48705e6bb5af94f7475e5dfe0ef9d44dbeec5e734b0bb1d7ba8c4ab0bc
  • SSDEEP: 3072:5PydlH0r1a3j4YI/ttvi/fHPlWsGJmog5hmSzaNxAY1jJJ:g86I//EvlWso8kkaXAu

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 7715
  • C2
    • checklist.skype.com
    • 62.173.142.50
    • 31.41.44.87
    • 109.248.11.217
    • 212.109.218.151
    • 5.44.45.83
    • 62.173.142.81
    • 193.233.175.113
    • 109.248.11.184
    • 212.109.218.26
    • 185.68.93.7

Attributes

  • base_path: /drew/
  • build: 250255
  • exe_type: loader
  • extension: .jlk
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Target: server.exe
  • Size: 359KB
  • MD5: 25e762ad2877486c04a25445349db8fc
  • SHA1: 6662403f2eba78717fff8a7d135875daaeb3c4fa
  • SHA256: 714c9d8e64376bcc4cd7ed89b448e256144c40e1e6705a686dabf201d3bdfb74
  • SHA512: 9cf03d8154f6a7bfc32a589011e6d98312682193356093ea8cb4d050384d9da5a8e5fc48705e6bb5af94f7475e5dfe0ef9d44dbeec5e734b0bb1d7ba8c4ab0bc
  • SSDEEP: 3072:5PydlH0r1a3j4YI/ttvi/fHPlWsGJmog5hmSzaNxAY1jJJ:g86I//EvlWso8kkaXAu
  • Gozi: Gozi is a well-known and widely distributed banking trojan.
