General

  • Target

    readme.exe

  • Size

    411KB

  • Sample

    220318-jpvdfagee8

  • MD5

    889b7bffec04add185815d1b58d7c979

  • SHA1

    4ed0d6adfda444b03f2660c5070cb2ddbc6bf793

  • SHA256

    9c815841be71a4aafec48f38dcb04b94fcf7b13a21ffbb834f77951ed615f9c4

  • SHA512

    86704fc551c26c3fbe61d4395f867af5fa0e92bcff644b0af068cb14e05365120c8d46dcdc90461d2a25088685dfe163d74602640274d64ba9bad2e700d8a643

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7625

C2

sistemliner.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

Targets

    • Target

      readme.exe

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • Gozi_JJ_loader

    • Gozi_JJ_loader_0

MITRE ATT&CK Matrix

Tasks