General

  • Target

    eda3487d5cce3777e504ae88f362c2352de1642fa86200e005ba5a7a3bfbdec0

  • Size

    290KB

  • Sample

    220321-j5mcrsach2

  • MD5

    f9fdaa602c4c427bb4a32640ad9ace1d

  • SHA1

    28cfc8e7d3126a409b8052b7a7e24750790616f8

  • SHA256

    eda3487d5cce3777e504ae88f362c2352de1642fa86200e005ba5a7a3bfbdec0

  • SHA512

    ec0d214fc3fe5034d188a6e16c070e8a0d8c4f147c6a5ce6db1f7e8a4b59b698cf58bd591f2d8d67c6facab3bf4b4957c34756239482aad9743b87708be8ed3a

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      eda3487d5cce3777e504ae88f362c2352de1642fa86200e005ba5a7a3bfbdec0

    • Size

      290KB

    • MD5

      f9fdaa602c4c427bb4a32640ad9ace1d

    • SHA1

      28cfc8e7d3126a409b8052b7a7e24750790616f8

    • SHA256

      eda3487d5cce3777e504ae88f362c2352de1642fa86200e005ba5a7a3bfbdec0

    • SHA512

      ec0d214fc3fe5034d188a6e16c070e8a0d8c4f147c6a5ce6db1f7e8a4b59b698cf58bd591f2d8d67c6facab3bf4b4957c34756239482aad9743b87708be8ed3a

MITRE ATT&CK Enterprise v6

Tasks