General

  • Target

    server.exe

  • Size

    248KB

  • Sample

    230325-hxmswsdg6x

  • MD5

    47a28863984e5acee7a4aadba0798b81

  • SHA1

    4b49af83cb30cce8ca6d270b8104c0cbb9ea7d1a

  • SHA256

    120bb72f63c759f9639de69b6c69ef7044ba8aad6de42d828ad41ce5c9c2c2e9

  • SHA512

    d5d99a652f91bb09042757bd82536111cb9679772028519373455b5b02a3b2bc298032093ab121afc31dbf9a8dd3d5ebeb40fc0edaf317b3060c12327ca71195

  • SSDEEP

    3072:4jKaOORqiFXz3KcIix5QeiD/XabN9hrbOo52p2pkyr8tYa4PVorWN8aeDr:QzOpum5aCS9hrbOjspffV2va

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.
