General

  • Target

    41025bfa31bf8234f7029fdb03a5f9cacfc6991452cfa645b76f0440b20ae91f

  • Size

    35.9MB

  • Sample

    220321-j4467aacg2

  • MD5

    6f7e051c916e7a39da695fc2a859ffab

  • SHA1

    e1cc5a152936adc65465c37013af52e37db1c3fb

  • SHA256

    41025bfa31bf8234f7029fdb03a5f9cacfc6991452cfa645b76f0440b20ae91f

  • SHA512

    f4da5ca41b9e7bd9f691d044f34b2df1ef2001438d61d211712e99748b467ddc2fc168abbf6741545c1103bb2f5ba971dc69ae004b6d35f0487044a7d181bea4

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7616

C2

loginsline.top

loginslink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

