General

  • Target

    bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd_JC.exe

  • Size

    422KB

  • Sample

    231011-gpz8ksfe95

  • MD5

    c788f8e7a2d0311297bd198ca9d05ec8

  • SHA1

    64240992ba99ae27b0bb4fe277a95524a4b139db

  • SHA256

    bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd

  • SHA512

    2295c28aa11e3c1ea09f0ba790ea1e8322b3c996f4f27bf0aec9edf0997329ea8d13b98417e856f7bd922f4a0d9ef786117b8354a04b752d53e6b53733db4f5d

  • SSDEEP

    6144:eH0vsBFRMXdX0tn7qnmUVR9g0pHii2B8mG+R2FLxgwExgw:eH0v4FRyX0tnWnN9pHiN4+R2NxEx

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

netsecurez.com

whofoxy.com

mimemoa.com

ntcgo.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Extracted

Family

gozi

Botnet

5050

C2

fotexion.com

Attributes
  • base_path

    /pictures/

  • build

    250260

  • exe_type

    worker

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd_JC.exe

    • Size

      422KB

    • MD5

      c788f8e7a2d0311297bd198ca9d05ec8

    • SHA1

      64240992ba99ae27b0bb4fe277a95524a4b139db

    • SHA256

      bf237f642cd049be1e0be68de0f3bd6ed97be7d05059fb2825f94fd0a5afebfd

    • SHA512

      2295c28aa11e3c1ea09f0ba790ea1e8322b3c996f4f27bf0aec9edf0997329ea8d13b98417e856f7bd922f4a0d9ef786117b8354a04b752d53e6b53733db4f5d

    • SSDEEP

      6144:eH0vsBFRMXdX0tn7qnmUVR9g0pHii2B8mG+R2FLxgwExgw:eH0v4FRyX0tnWnN9pHiN4+R2NxEx

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Dave packer

      Detects executable using a packer named 'Dave' by the community, based on a string at the end.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks