General

  • Target

    e452ff5c5820666acd2ed6e4f428cd1c6d6bcbcb717899452bdbf0a714457dc3

  • Size

    2.7MB

  • Sample

    220321-j41trsacf8

  • MD5

    203b91c7b2a358455f5f62a6509cda53

  • SHA1

    3ace5fbaa20e144a6e81a83ab7bcbe7e71123808

  • SHA256

    e452ff5c5820666acd2ed6e4f428cd1c6d6bcbcb717899452bdbf0a714457dc3

  • SHA512

    c3934f22a236319b9ffd99d0d44ec14281725c4c8454da2cc64d6aeee86e71487b9056a4e92e6b0ff265b704f4e8eccc3c172fc172e8810261962ddcd7fb1f1b

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7613

C2

interlines.top

interlines.space

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

