Analysis
max time kernel: 141s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 24-03-2023 12:15
Static task: static1
Behavioral task: behavioral1
Sample: server.exe
Resource: win7-20230220-en, windows7-x64
1 signatures
150 seconds
General
Target: server.exe
Size: 246KB
MD5: 62c6ed30422b5876110ee6ab6660223e
SHA1: 60e1a1c26d35c9d90fb163364e3a4deec1d4016a
SHA256: fbb595a285f1126d4bfe09240e40b1a8a66ac5024f90b5e64860bb872e05a248
SHA512: a5d124845b49428c7ffca0b81c063b81acdc84ef8d67511e9cb68489cd3baf1b3dd8420aff3b5972c4702da8fcad90c5fc3b7483bed1c03f9223475fc9760ec1
SSDEEP: 3072:VRESzcarU/edI7cTsSsuDwTHDXbtMJzWVCkeoQ0LTZ2eB25UWNObVr:eRNILMbJeW92eBoUj
Malware Config
Extracted
Family: gozi
Botnet: 7716
C2:
checklist.skype.com
193.233.175.115
185.68.93.20
62.173.140.250
46.8.210.133
Attributes
base_path: /drew/
build: 250255
exe_type: loader
extension: .jlk
server_id: 50
rsa_pubkey.plain
aes.plain
Extracted
Family: gozi