General

  • Target

    31a1197c1f7a1cb2b53bd1bb7fe2e1f8.dll

  • Size

    300KB

  • Sample

    220810-r1zrasdda9

  • MD5

    31a1197c1f7a1cb2b53bd1bb7fe2e1f8

  • SHA1

    b30bf29948b2905db6b106d868b334e423ff4ebe

  • SHA256

    1277c4177d2b564b221a369c587c6a99558253234f37bfbf19fef3a63bce88b5

  • SHA512

    6e65cada52581339a702ae83b63c83a2b52a8982b30b117042cec5e7fac44c61e27d2286ecc3d3fb89ed04ad4bef8414183d0bdd81c109a656b0e158f82b4ef7

Malware Config

Extracted

Family

gozi_ifsb

Botnet

3000

C2

config.edge.skype.com

79.110.52.8

79.110.52.80

193.106.191.163

Attributes

  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

  • rsa_pubkey.plain

  • aes.plain

