Overview

overview

10

Static

static

1

server.exe

windows7-x64

10

server.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    server.exe

  • Size

    246KB

  • Sample

    230324-pewfmseb98

  • MD5

    62c6ed30422b5876110ee6ab6660223e

  • SHA1

    60e1a1c26d35c9d90fb163364e3a4deec1d4016a

  • SHA256

    fbb595a285f1126d4bfe09240e40b1a8a66ac5024f90b5e64860bb872e05a248

  • SHA512

    a5d124845b49428c7ffca0b81c063b81acdc84ef8d67511e9cb68489cd3baf1b3dd8420aff3b5972c4702da8fcad90c5fc3b7483bed1c03f9223475fc9760ec1

  • SSDEEP

    3072:VRESzcarU/edI7cTsSsuDwTHDXbtMJzWVCkeoQ0LTZ2eB25UWNObVr:eRNILMbJeW92eBoUj

Score
10/10
gozi7716bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133
Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Targets

    • Target

      server.exe

    • Size

      246KB

    • MD5

      62c6ed30422b5876110ee6ab6660223e

    • SHA1

      60e1a1c26d35c9d90fb163364e3a4deec1d4016a

    • SHA256

      fbb595a285f1126d4bfe09240e40b1a8a66ac5024f90b5e64860bb872e05a248

    • SHA512

      a5d124845b49428c7ffca0b81c063b81acdc84ef8d67511e9cb68489cd3baf1b3dd8420aff3b5972c4702da8fcad90c5fc3b7483bed1c03f9223475fc9760ec1

    • SSDEEP

      3072:VRESzcarU/edI7cTsSsuDwTHDXbtMJzWVCkeoQ0LTZ2eB25UWNObVr:eRNILMbJeW92eBoUj

    Score
    10/10
    gozi7716bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks