General

  • Target: client.exe
  • Size: 195KB
  • Sample: 231003-mg376abg25
  • MD5: d8fb6e2fc8efc75796dd2d9afb40fca3
  • SHA1: 0fe99824a62ded8d8c28b3af6673411eebaeed9f
  • SHA256: 6a33b9576d33c195a7b09f9416e5360098f5064ff9ead9a476598cffe1fc1c09
  • SHA512: 81409498e7a70ce232c317c7c145dc5c683cfd5682047f780c69f5a179b3f41d9515d163e52a1681f21694b2f514f0181571595999b7ef5bceac47e082dff341
  • SSDEEP: 3072:SHl8sl3SL91KRqK0Sz3yTBKw0z88wMsRZAwfzYs5Hb7T3aW/ZulhCEX8zp:288M91IqwumUOwfzYsBZc1X8zp

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 5050
  • C2:
    46.8.210.250
    31.41.44.9
    185.247.184.139
    62.72.33.155
  • Attributes:
    • base_path: /jerry/
    • build: 250260
    • exe_type: loader
    • extension: .bob
    • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Target: client.exe
  • Size: 195KB
  • MD5: d8fb6e2fc8efc75796dd2d9afb40fca3
  • SHA1: 0fe99824a62ded8d8c28b3af6673411eebaeed9f
  • SHA256: 6a33b9576d33c195a7b09f9416e5360098f5064ff9ead9a476598cffe1fc1c09
  • SHA512: 81409498e7a70ce232c317c7c145dc5c683cfd5682047f780c69f5a179b3f41d9515d163e52a1681f21694b2f514f0181571595999b7ef5bceac47e082dff341
  • SSDEEP: 3072:SHl8sl3SL91KRqK0Sz3yTBKw0z88wMsRZAwfzYs5Hb7T3aW/ZulhCEX8zp:288M91IqwumUOwfzYsBZc1X8zp
  • Gozi: Gozi is a well-known and widely distributed banking trojan.
  • Dave packer: Detects an executable packed with the packer the community calls 'Dave', based on a string at the end of the file.
