Overview

overview

10

Static

static

3

d3d24cfc0f...96.dll

windows7-x64

10

d3d24cfc0f...96.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11606333877.zip

  • Size

    318KB

  • Sample

    230829-x7trhsac7t

  • MD5

    a3044047bcd338a7e16a05b0900c2826

  • SHA1

    2609bcd0912809d1dfa43066b6bcde08fcf1d7ab

  • SHA256

    c37b38c013fe3e845e9bee5697e21d5cc3a43d156d31a09dd9e6e537a7de1cf4

  • SHA512

    dc7c05ffd3b3c50fb0901804742ac39c4ff76e93a74659df8f40a7ffa148cb0e72df6d029cf4759e44ab70501ad31eb195f0c736155133981112ba0f096006c8

  • SSDEEP

    6144:khRBgaEH58WX6PPtV3yd9cu5xGLXteCbiUqKFw+YrR0JpCYfvS0/:kh9Y51X6PPb/GGrteCbi9KPYrbY3S0/

Score
10/10
gozi3000bankerisfbtrojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

3000

C2

config.edge.skype.com

superstarts.top

superlist.top

internetcoca.in

193.106.191.163
Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      d3d24cfc0f5d15b4f6160e539f45a7786fce3be249d56811e9b7f0368967e396

    • Size

      602KB

    • MD5

      f5229d20ad515e77c585134fcdfd8ca1

    • SHA1

      b6741980071eeadd5a998d75ae890a1527153918

    • SHA256

      d3d24cfc0f5d15b4f6160e539f45a7786fce3be249d56811e9b7f0368967e396

    • SHA512

      6a54765346de383c6b4927cacdcf74d3d22a49ed9f7dc83c4c58d8c655827ab2866bea9f47ae16377a970e5d70c641d26effe877f381ee4662b65f47f246bc63

    • SSDEEP

      12288:/RI34sEF5wcH9seTP1GQn1WHhu67jd23ctEjBx/2g99:/RWu/wcH9seTdJn6VQcSj//199

    Score
    10/10
    gozi3000bankerisfbtrojan

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

      bankertrojangozi
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks