General

  • Target: readme.DLL
  • Size: 396KB
  • Sample: 220216-jpbakacfgr
  • MD5: 4a6e16d9cdefd1b6a6d4540fcfbf64b2
  • SHA1: 514c1aa17bb07dff3d56dfe9a2f4942d45dc1b85
  • SHA256: 410eb4b06644f073370230650fe0624ce5dc6e18481b2e85930865a5a3984160
  • SHA512: 1e0a78f7cea20bf8d226a1f4864488c01bb1eeab2f0ecb23c1c2c3a87b5af06b71a29f2f41048536f09890c925d86eb94b2ac17aa32ac639461274d419121fdf

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 7614
  • C2:
      servicelines.top
      servicelines.space
      linkspremium.ru
      premiumlists.ru
  • Attributes:
      base_path: /drew/
      build: 250225
      exe_type: loader
      extension: .jlk
      server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Gozi, Gozi IFSB
    Gozi ISFB is a well-known and widely distributed banking trojan.
  • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks