Overview

overview

10

Static

static

1

server.exe

windows7-x64

10

server.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    server.exe

  • Size

    246KB

  • Sample

    230324-k7ax7afe2t

  • MD5

    b3101788c7bf3073dff4b4ecbaaee7f2

  • SHA1

    02fcc9af48e8d85f403b1238610d44fe048cbcd5

  • SHA256

    3abe280839baec9e6aee5759dfbc052688a28237f39532c9e8e419db9c3a0f61

  • SHA512

    181e413132c5ed22f0b344ebf44fa91c225419bb7c31c84d6c3050bd48fbd849dcd91c5cac3c39677f8d9a4ceb6c12f0f0c59a80a8788702c4152e16949d9e0e

  • SSDEEP

    3072:JFQvz3uHvNFdtKQTGVG3uDdgvARWHudvTux1UpodKWrOTGSFBWNObVq:+SNtKvgxn1UpejrOTDBj

Score
10/10
gozi7716bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133
Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      server.exe

    • Size

      246KB

    • MD5

      b3101788c7bf3073dff4b4ecbaaee7f2

    • SHA1

      02fcc9af48e8d85f403b1238610d44fe048cbcd5

    • SHA256

      3abe280839baec9e6aee5759dfbc052688a28237f39532c9e8e419db9c3a0f61

    • SHA512

      181e413132c5ed22f0b344ebf44fa91c225419bb7c31c84d6c3050bd48fbd849dcd91c5cac3c39677f8d9a4ceb6c12f0f0c59a80a8788702c4152e16949d9e0e

    • SSDEEP

      3072:JFQvz3uHvNFdtKQTGVG3uDdgvARWHudvTux1UpodKWrOTGSFBWNObVq:+SNtKvgxn1UpejrOTDBj

    Score
    10/10
    gozi7716bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks