General

  • Target

    portfolio_JC.exe

  • Size

    215KB

  • Sample

    231012-sb53fshb73

  • MD5

    323ae1b1d1832e5d5c13ee6fbfe65a4d

  • SHA1

    ee1f0aedbaacf442923aa03387759f334f04fea8

  • SHA256

    9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29

  • SHA512

    8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a

  • SSDEEP

    6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

5050

C2

https://avas1ta.com/in/login/

192.121.22.216

http://mimemoa.com

Attributes
  • base_path

    /jerry/

  • build

    250260

  • exe_type

    loader

  • extension

    .bob

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      portfolio_JC.exe

    • Size

      215KB

    • MD5

      323ae1b1d1832e5d5c13ee6fbfe65a4d

    • SHA1

      ee1f0aedbaacf442923aa03387759f334f04fea8

    • SHA256

      9a73aac68d8941fa339bf2b9d12c2ddabc734cf94d0070cbd5c8b7e25ee92f29

    • SHA512

      8cf35cc1a2d2919119c0511a5c5479bbcfa8a4e48a55bee2928c0acf28827a32585aaef5a246256eabfd6899bdfbe5fba238dfb84d5b87cd79aa791421fb275a

    • SSDEEP

      6144:Qoj4vGLREu+64zIMHQRWsZA0Dlgd00Tk:QE2u+64NHqZAqlZ8

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks