General
-
Target
server.exe
-
Size
246KB
-
Sample
230324-k7ax7afe2t
-
MD5
b3101788c7bf3073dff4b4ecbaaee7f2
-
SHA1
02fcc9af48e8d85f403b1238610d44fe048cbcd5
-
SHA256
3abe280839baec9e6aee5759dfbc052688a28237f39532c9e8e419db9c3a0f61
-
SHA512
181e413132c5ed22f0b344ebf44fa91c225419bb7c31c84d6c3050bd48fbd849dcd91c5cac3c39677f8d9a4ceb6c12f0f0c59a80a8788702c4152e16949d9e0e
-
SSDEEP
3072:JFQvz3uHvNFdtKQTGVG3uDdgvARWHudvTux1UpodKWrOTGSFBWNObVq:+SNtKvgxn1UpejrOTDBj
Static task
static1
Behavioral task
behavioral1
Sample
server.exe
Resource
win7-20230220-en
Malware Config
Extracted
gozi
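Extracted
-
Family
gozi
-
Botnet
7716
-
C2
checklist.skype.com
193.233.175.115
185.68.93.20
62.173.140.250
46.8.210.133
Note: the "Botnet" and "C2" labels are inferred, because the extracted page lists these values without field names. checklist.skype.com is a Microsoft-owned hostname; Gozi configurations commonly place legitimate hosts like this ahead of the operator's servers, so confirm it separately before using it as a block or detection indicator. The four IP addresses are the entries most likely to be attacker-controlled.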
-
base_path
/drew/
-
build
250255
-
exe_type
loader
-
extension
.jlk
-
server_id
50
Targets
-
-
Target
server.exe
-
Size
246KB
-
MD5
b3101788c7bf3073dff4b4ecbaaee7f2
-
SHA1
02fcc9af48e8d85f403b1238610d44fe048cbcd5
-
SHA256
3abe280839baec9e6aee5759dfbc052688a28237f39532c9e8e419db9c3a0f61
-
SHA512
181e413132c5ed22f0b344ebf44fa91c225419bb7c31c84d6c3050bd48fbd849dcd91c5cac3c39677f8d9a4ceb6c12f0f0c59a80a8788702c4152e16949d9e0e
-
SSDEEP
3072:JFQvz3uHvNFdtKQTGVG3uDdgvARWHudvTux1UpodKWrOTGSFBWNObVq:+SNtKvgxn1UpejrOTDBj
-