General

  • Target

    bc2bd3c448b2348629da59a454f409ad5b60f2eb21f175e7e49dd04b2703c0ea

  • Size

    273KB

  • Sample

    220321-j5mcrsafcj

  • MD5

    cb48ba54cf73cba6499d7622b50b89da

  • SHA1

    9311c9855479396b7c9725c3eb9cedde7e1378ec

  • SHA256

    bc2bd3c448b2348629da59a454f409ad5b60f2eb21f175e7e49dd04b2703c0ea

  • SHA512

    3749df35f8a6221a4010c03f873dd5b3a00438ee91c8c5845d700409e510e5527f7551e34b23cc1fcef9679cdcece62195fd743476c4e25663057058dab74ba4

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      bc2bd3c448b2348629da59a454f409ad5b60f2eb21f175e7e49dd04b2703c0ea

    • Size

      273KB

    • MD5

      cb48ba54cf73cba6499d7622b50b89da

    • SHA1

      9311c9855479396b7c9725c3eb9cedde7e1378ec

    • SHA256

      bc2bd3c448b2348629da59a454f409ad5b60f2eb21f175e7e49dd04b2703c0ea

    • SHA512

      3749df35f8a6221a4010c03f873dd5b3a00438ee91c8c5845d700409e510e5527f7551e34b23cc1fcef9679cdcece62195fd743476c4e25663057058dab74ba4

    • Gozi, Gozi IFSB

      Gozi ISFB is a well-known and widely distributed banking trojan.

    • suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

      suricata: ET MALWARE Ursnif Variant CnC Beacon - URI Struct M2 (_2F)

MITRE ATT&CK Enterprise v6

Tasks