General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220317-lnktqabbcp

  • MD5

    7c30a730ae6a19fd39377ac70dde1aa0

  • SHA1

    63bb79daadf84081827394ab27652436ded7b53e

  • SHA256

    e105922d77028c891b36eaeda9e536e9bbfbd6de6f78219e49e1d7c83fa67d93

  • SHA512

    d9366f0d50a3a335e1648811068a639b2e557cbd89e4db6747b35056564ef9228635da0476d549ce752d4be156c4069726ffc0bf3f98b55bae83287fc0e7b24b

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7624

C2

atmospheri.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    Score
    1/10
