General

  • Target: client.exe
  • Size: 358KB
  • Sample: 231010-dzrgmsad8w
  • MD5: 1011b3b37999f962ecde4dc2ec25b0e8
  • SHA1: 95153cd5e4c5f93cb72d9d0fa8d4240da8952b54
  • SHA256: b47b40aeaf31f4342d50be9cb114ccdce5903db6c6aa84c73b3cb69a50bea774
  • SHA512: ddd2714c6528267a3959dcbaed637d0a22a2764b8f7b0b3bfe21ab98b822c5ef5e115f99961befa22f784528520db78b55a4055dce25101eccece76d4b269ac3
  • SSDEEP: 6144:WGPi+/d8ncPSNmhhPyFK9jcrOuVaE8k82vHG4wMdcCC5YXq:WQiG2ncPSNbFFOuVafIvm0dcRYXq

Malware Config

Extracted

Family: gozi

Extracted

Family: gozi
Botnet: 5050
C2: http://iextrawebty.com

Attributes
  • base_path: /jerry/
  • build: 250260
  • exe_type: loader
  • extension: .bob
  • server_id: 50

rsa_pubkey.plain
aes.plain

Targets

    • Target: client.exe

    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Dave packer: Detects an executable using a packer named 'Dave' by the community, based on a string at the end of the file.

MITRE ATT&CK Matrix

Tasks