General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • MD5

    21e836bd521081f8b97c3e5a31822afe

  • SHA1

    fec35c2a1f2d362356573b25f0dd4a50c7be842e

  • SHA256

    e6f3b5857a2da506a0f5470400655fc4011600ae4253bba3dae85f7e6a9be6c2

  • SHA512

    c27856e4c417ff414c9365d68276a6678449886ac95bb99051fe61024fe2493c01cdd40789e89a0d047d18419db6fcd8085b7876cff3dbc8cd54f4623a6b3977

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

7613

C2

interlines.top

interlines.space

linkspremium.ru

premiumlists.ru

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Signatures

Files

  • gozi.payload-disk
    .dll windows x86

    0d41e840891676bdaee3e54973cf5a69


    Code Sign

    Headers

    Imports

    Sections