Overview

overview

10

Static

static

1

49c54e18e2...86.dll

windows7-x64

10

49c54e18e2...86.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49c54e18e22e5c82d591ff5345a4c660f2c80e14fcbe4c3a7d1df43654e40e86.dll

  • Size

    511KB

  • Sample

    230612-swkl9adc9w

  • MD5

    dbe0888d7edb236b38d0dcfd33dd0a06

  • SHA1

    f53a59741ddc982af5b77bd77ab99f74e9b33948

  • SHA256

    49c54e18e22e5c82d591ff5345a4c660f2c80e14fcbe4c3a7d1df43654e40e86

  • SHA512

    b893e59fb0cf5db3ae076798849e467b239c7be30917cff40b5df6d5f9feadb50e90ba728ea9955f628c27e519c407f5b7c4b12eba002064387846e7662e2473

  • SSDEEP

    6144:yTZBx+7jsPTl/N80J849j3si2Hw2Kfl0OA5P1rh/YwOnhu58jT7FWQ+ICBFQ5jyy:YZP+7jsZS0r59Qw3RxjkeP

Score
10/10
gozi3000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

89.41.26.99

89.45.4.102

interstarts.top

superlist.top

internetcoca.in
Attributes
  • base_path

    /drew/

  • build

    250246

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      49c54e18e22e5c82d591ff5345a4c660f2c80e14fcbe4c3a7d1df43654e40e86.dll

    • Size

      511KB

    • MD5

      dbe0888d7edb236b38d0dcfd33dd0a06

    • SHA1

      f53a59741ddc982af5b77bd77ab99f74e9b33948

    • SHA256

      49c54e18e22e5c82d591ff5345a4c660f2c80e14fcbe4c3a7d1df43654e40e86

    • SHA512

      b893e59fb0cf5db3ae076798849e467b239c7be30917cff40b5df6d5f9feadb50e90ba728ea9955f628c27e519c407f5b7c4b12eba002064387846e7662e2473

    • SSDEEP

      6144:yTZBx+7jsPTl/N80J849j3si2Hw2Kfl0OA5P1rh/YwOnhu58jT7FWQ+ICBFQ5jyy:YZP+7jsZS0r59Qw3RxjkeP

    Score
    10/10
    gozi3000bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks