General

  • Target

    server.exe

  • Size

    247KB

  • Sample

    230325-hqxphsdg4x

  • MD5

    38e907ce3156548d3013376942fb2d9d

  • SHA1

    a24a44b759cec265ee5d6017060af71306f6eb2d

  • SHA256

    d71eb90b2eafb9a5a0cb8a9294f35c9cb51bb903dc7495a6566e83449503d6b0

  • SHA512

    eb8b616c8f58ed6fa67b9292f7e3cd122c0d20cf82fadceec1ed1bbe086342bbe710aff3ec44b8a19d472a8a3adc7dd5893b85c3ea3264085034cafd428ac767

  • SSDEEP

    3072:kjCqzGkD8XGdWhkTEUmXDwuGKa/irjinTI2ApT84b4HWNObVr:1fXepEn3ATI20T84MHj

Malware Config

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes

  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks