General

  • Target: readme.exe
  • Size: 411KB
  • Sample: 220318-qmtsfshhb4
  • MD5: 9a83f2064a395adc459f87c243167dd7
  • SHA1: 8f653e50b82d1141eaef724ffb5330065fb4cfbc
  • SHA256: 3a97651f970c4aecf446aa67fe4daab235e0dc35860b1440d413ee91a27dad27
  • SHA512: 8fb29dc0ebe0f95e201b76b9dbd61c33234bf96009a2ddb178431607379657b9fae0417d11c4ac646c7ed036d4b9772c86259e63752a38b61c8b14eefcbf6113

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 7625
  • C2:
    sistemliner.top
    linkspremium.ru
    premiumlists.ru

Attributes

  • base_path: /drew/
  • build: 250225
  • exe_type: loader
  • extension: .jlk
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Target: readme.exe
  • Size: 411KB
  • MD5: 9a83f2064a395adc459f87c243167dd7
  • SHA1: 8f653e50b82d1141eaef724ffb5330065fb4cfbc
  • SHA256: 3a97651f970c4aecf446aa67fe4daab235e0dc35860b1440d413ee91a27dad27
  • SHA512: 8fb29dc0ebe0f95e201b76b9dbd61c33234bf96009a2ddb178431607379657b9fae0417d11c4ac646c7ed036d4b9772c86259e63752a38b61c8b14eefcbf6113

MITRE ATT&CK Matrix

Tasks