General

  • Target: JaffaCakes118_a210524f979bf76e29b80555a64ce35251c3b60b5379aa72d6ed4da29d4fad13
  • Size: 250KB
  • Sample: 241222-n51bvaxkg1
  • MD5: 97954fe93bc805182968fc51121f6737
  • SHA1: 931ef6919306a690afad866e8a762d6d1d320234
  • SHA256: a210524f979bf76e29b80555a64ce35251c3b60b5379aa72d6ed4da29d4fad13
  • SHA512: 2627966c7d9f026f8b1d58daeab8ced3f87ba89ff9eac4075657d61546020ee97d05ccfd3024b72083b7388c36622bee7b79bbb03b2c720ad9736e6171bfccb3
  • SSDEEP: 6144:KigCaUaCdLqZgm8CBYaSvHJ8mtx5dQnQxp:rgCa9CdOJKpBMQxp

Malware Config

Extracted

  • Family: gozi

Extracted

  • Family: gozi
  • Botnet: 3000
  • C2: config.edge.skype.com, 185.154.53.214, 185.154.53.188, 46.30.42.246

Attributes

  • base_path: /drew/
  • build: 260226
  • exe_type: loader
  • extension: .jlk
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Target: b669eee07f65129967f9414ce64cd5308a79ad32eb3d38bc2bf96691401483c5
    • Size: 524KB
    • MD5: 504d269fd7fb3a17b31cddc1c2dcab64
    • SHA1: 977434f10a2d453ab4bf828595855d1363071baa
    • SHA256: b669eee07f65129967f9414ce64cd5308a79ad32eb3d38bc2bf96691401483c5
    • SHA512: 31ed36500d65b91453ed279be0ca929e3165af749376b975e40a6106be2423e2fe7f5908e3f3c2e8ce8b36aee76179308100599c44e5c9862ef66aec6746620b
    • SSDEEP: 6144:Lcys72nJLop9sjwHMCOtSBYagxHJGi6ZcF4DqabuFGGGGGGGGHGGGGGGGGGGGGGS:IiJ8p9sj7tS4pGi0cWl
    • Gozi: Gozi is a well-known and widely distributed banking trojan.
    • Gozi family
    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks