Analysis

  • max time kernel
    4294183s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    21/03/2022, 08:14

General

  • Target

    50ed0329ffb7ae83f7a8042ef7f6bd5af5f308e52f479965358cfe4d646b1847.exe

  • Size

    273KB

  • MD5

    c0de3291fe744c4941a518ac41cdcd10

  • SHA1

    07a83577f3af719d8cf386d9768edb24a104abab

  • SHA256

    50ed0329ffb7ae83f7a8042ef7f6bd5af5f308e52f479965358cfe4d646b1847

  • SHA512

    a64a7a039a5e2e3639eec32b6e79f8f89cd815a3ea581a944a74d943699b30122351512ed7344d5862fcfc6d85422e6d1d27dc849beb6a5e388928c79daf14e3

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\50ed0329ffb7ae83f7a8042ef7f6bd5af5f308e52f479965358cfe4d646b1847.exe
    "C:\Users\Admin\AppData\Local\Temp\50ed0329ffb7ae83f7a8042ef7f6bd5af5f308e52f479965358cfe4d646b1847.exe"
    PID: 1836

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1836-55-0x0000000000230000-0x000000000023B000-memory.dmp

    Filesize

    44KB

  • memory/1836-54-0x0000000000220000-0x000000000022A000-memory.dmp

    Filesize

    40KB

  • memory/1836-56-0x0000000000400000-0x0000000000475000-memory.dmp

    Filesize

    468KB