General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    e7f49957d916e15bf8449f566e9eda8c

  • SHA1

    391c87ab0dbcc802a8f8d727380caa4c8e9bc781

  • SHA256

    cba3ec7d0bc169ca0ce4a53d8d2ee753354991867fc0264a93639300e4f6f333

  • SHA512

    51980f17730a8e90ec06ae7e14beaa9fb2a5d71230239c869fc5bea13fbfd350e24ad39cf36ed5e783b31d75ca5f095f14f07eaa410e886ad3197022fbef4d75

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7622

C2

botanlink.top

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • gozi.payload-disk
    .dll windows x86

    0d41e840891676bdaee3e54973cf5a69

