Analysis

  • max time kernel
    4294186s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    21/03/2022, 08:15

General

  • Target
    f1d890163f681d1c94337e6459b9c233180ebe755e94095315f7acf0171e1eea.exe
  • Size
    274KB
  • MD5
    4fe6296c8b2154cf5f562aabafd9c5fb
  • SHA1
    297b3aac174cf4a4730725e817171ab329265c29
  • SHA256
    f1d890163f681d1c94337e6459b9c233180ebe755e94095315f7acf0171e1eea
  • SHA512
    7db839a57e78c59324dfa38f31e10e17704cdd47d9dc228d52150153fe875e8ec2ac745bcc8ea62c080e3e94007fe025212c1325aaabb41f7200eda724c0dc50

Malware Config

Extracted

  • Family
    gozi_ifsb
  • Botnet
    7622
  • C2
    botanlink.top
    linkspremium.ru
    premiumlists.ru

Attributes

  • base_path
    /drew/
  • build
    250225
  • exe_type
    loader
  • extension
    .jlk
  • server_id
    50
  • rsa_pubkey.plain
  • aes.plain

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1d890163f681d1c94337e6459b9c233180ebe755e94095315f7acf0171e1eea.exe
    "C:\Users\Admin\AppData\Local\Temp\f1d890163f681d1c94337e6459b9c233180ebe755e94095315f7acf0171e1eea.exe"
    PID: 1724


Downloads

  • memory/1724-54-0x0000000000220000-0x000000000022A000-memory.dmp
    Filesize: 40KB
  • memory/1724-55-0x00000000002B0000-0x00000000002BB000-memory.dmp
    Filesize: 44KB
  • memory/1724-56-0x0000000000400000-0x0000000000475000-memory.dmp
    Filesize: 468KB