General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220321-qt4w1acgen

  • MD5

    21e836bd521081f8b97c3e5a31822afe

  • SHA1

    fec35c2a1f2d362356573b25f0dd4a50c7be842e

  • SHA256

    e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2

  • SHA512

    c27856e4c417ff414c9365d68276a6678449886ac95bb99051fe61024fe2493c01cdd40789e89a0d047d18419db6fcd8085b7876cff3dbc8cd54f4623a6b3977

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7613

C2

interlines.top

interlines.space

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    • Size

      43KB

    • MD5

      21e836bd521081f8b97c3e5a31822afe

    • SHA1

      fec35c2a1f2d362356573b25f0dd4a50c7be842e

    • SHA256

      e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2

    • SHA512

      c27856e4c417ff414c9365d68276a6678449886ac95bb99051fe61024fe2493c01cdd40789e89a0d047d18419db6fcd8085b7876cff3dbc8cd54f4623a6b3977

    Score
    1/10

MITRE ATT&CK Matrix

Tasks