General

  • Target

    1600-56-0x0000000010000000-0x0000000010081000-memory.dmp

  • Size

    516KB

  • Sample

    220209-t6sw2sahg4

  • MD5

    055e4c124628d6184587a3e1b1531eee

  • SHA1

    fe40a6446ff71dc0e7bfa71a9838ade2cc6d5fae

  • SHA256

    aed54b1b8be699cbacdc61a1c75150ec5f75ec0467657c8f4a6d89e1c3425d9a

  • SHA512

    a7b0f788299d3d2608584d47fd5343f4f41c778663ad20f865cd7efb520a687dac48b4bbb09fa6ea2491b04e83e3a0c57ce40d036a82aca04c526a6fcf64239d

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7612

C2

securezzalink.top

securezzalink.space

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Enterprise v6

Tasks