General

  • Target

    e1029789f70054736738b7861f9e5e7305aca6abb3c752fcc3a2bb361fc1e4f6

  • Size

    246KB

  • Sample

    220812-a9cvfshaa3

  • MD5

    924cffc2e11e9cb4f3fd8d6b7fd06f5f

  • SHA1

    4d087054a76637de2ca84cd14c4fe363c663f8c5

  • SHA256

    d872b6ae317c2d29d79db97bf53c550c00dfc3f677d48a6a3cca70857315aca2

  • SHA512

    76879a64b1fa1a82b2da81311a496000ca61913b568b89287f614a560fd17a22c782ff4c770dc1e311719811922902c339822a2aabbd3b739e02cfaa88839ef2

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    config.edge.skype.com

    79.110.52.8

    79.110.52.80

    193.106.191.163

Attributes
  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      e1029789f70054736738b7861f9e5e7305aca6abb3c752fcc3a2bb361fc1e4f6

    • Size

      349KB

    • MD5

      918b6c9700deb71f57f0ea15c87570a2

    • SHA1

      1ea39c732d0a2b9f0fcbaf03a6876a60c6a88772

    • SHA256

      e1029789f70054736738b7861f9e5e7305aca6abb3c752fcc3a2bb361fc1e4f6

    • SHA512

      ca35b379add5a2c3f4c0a7abc58869763a5abe6892074ef7a3809e666333b2da96b07c0984f6c96b1a2e72689cefae6bf01af4a2978dd35887722e0c05c080ed

MITRE ATT&CK Matrix

Tasks