General

  • Target

    42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78

  • Size

    906KB

  • Sample

    240514-fmrb8abf6s

  • MD5

    229ec577744224d4d2fb2091ac253dd8

  • SHA1

    497013697aba845b400d23bd774cf2ad09f4dae5

  • SHA256

    42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78

  • SHA512

    b4368d84d11b9b84384e7a33f0fd1b9220d46885a7ef610a8d41f845b2d330d0a18553c538914b43e0d27d3a164e25a533a92b5df299fe1f8840be86dbf64adb

  • SSDEEP

    12288:PGOKnxw/No9EM8PPiMlU7gp2tdZmlJcsit5QJg7CI:fKxw/NcEMXMlU7fdZmAWg7CI

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

7716

C2

checklist.skype.com

193.233.175.115

185.68.93.20

62.173.140.250

46.8.210.133

Attributes
  • base_path

    /drew/

  • build

    250255

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78

    • Size

      906KB

    • MD5

      229ec577744224d4d2fb2091ac253dd8

    • SHA1

      497013697aba845b400d23bd774cf2ad09f4dae5

    • SHA256

      42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78

    • SHA512

      b4368d84d11b9b84384e7a33f0fd1b9220d46885a7ef610a8d41f845b2d330d0a18553c538914b43e0d27d3a164e25a533a92b5df299fe1f8840be86dbf64adb

    • SSDEEP

      12288:PGOKnxw/No9EM8PPiMlU7gp2tdZmlJcsit5QJg7CI:fKxw/NcEMXMlU7fdZmAWg7CI

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix

Tasks