General

  • Target

    image.txt

  • Size

    351KB

  • Sample

    220210-j6he7sgffr

  • MD5

    e5c6442649340b5a0778902ecfbe0cec

  • SHA1

    368859c657c58874ab97167396feaa729304f881

  • SHA256

    4eae1c5ebdb7b2021913b37477077bde0177579b6f8d43a49bd8a202b45657f4

  • SHA512

    588b3b063212f8487248c0b467e75e145e87f99ab110a61c52463b4af20262597da6a91366f1e2287bde7201d92cc1e34fb1043280d2cfddc950ec09e755c57c

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7613

C2

interlines.top

interlines.space

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      image.txt

    • Size

      351KB

    • MD5

      e5c6442649340b5a0778902ecfbe0cec

    • SHA1

      368859c657c58874ab97167396feaa729304f881

    • SHA256

      4eae1c5ebdb7b2021913b37477077bde0177579b6f8d43a49bd8a202b45657f4

    • SHA512

      588b3b063212f8487248c0b467e75e145e87f99ab110a61c52463b4af20262597da6a91366f1e2287bde7201d92cc1e34fb1043280d2cfddc950ec09e755c57c

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M1 (_2B)

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks