General

  • Target

    gozi.payload-disk

  • Size

    43KB

  • Sample

    220328-nyjerahgd4

  • MD5

    34819f3e4ba7671fba38c7b1ebbbdfe9

  • SHA1

    cad7c6a7c651a0288226dcc38981cb959884be8d

  • SHA256

    52025d90356119878f1b2ddb3361a9892d8e2762d583ed109af7b8f06c9c0b2f

  • SHA512

    3b1943ded4aea5b6cba5102cfaf69f634d13d82b1805f9cd558516e11446d10ad995c1b3dde138fde23300c0287a385f77b3dcf7d7cea7efadaed505dcafbd70

Score
10/10

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

46.30.43.44

185.154.52.213

185.154.53.38

Attributes
  • base_path

    /drew/

  • build

    250225

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      gozi.payload-disk

    Score
    1/10
