General

  • Target

    03ff07649176bc724f5ec93c4ec4a0eb6eb5857aefa4b23040c4f1a1ff974097

  • Size

    460KB

  • Sample

    220812-armxpsebhl

  • MD5

    55aadd23519dec238c6ddeea9d2613b8

  • SHA1

    60606d0d711ace56a6306209756e2c02dff7d9a5

  • SHA256

    ddb1e53e29471cfec9e3240a0f27b647fb060a41f96192fa3fbc0a07696490c6

  • SHA512

    a27d5b7348e490dbf53a3984527ee92e29a0c17c84a555e95696f37cb3e1dbf9f01904216cf3572f1f0546fdae0571d613d7ba559456d30ac884de34a2819536

Malware Config

Extracted

  • Family

    gozi_ifsb

  • Botnet

    3000

  • C2

    config.edge.skype.com
    79.110.52.8
    79.110.52.80
    193.106.191.163

Attributes

  • base_path

    /drew/

  • build

    250240

  • exe_type

    loader

  • extension

    .jlk

  • server_id

    50

rsa_pubkey.plain
aes.plain

Targets

    • Target

      03ff07649176bc724f5ec93c4ec4a0eb6eb5857aefa4b23040c4f1a1ff974097

    • Size

      634KB

    • MD5

      4419b2a8f9c21f0ea3192ef2ed634942

    • SHA1

      145974bc0ad6c90158e6ccb188b3588e270084fc

    • SHA256

      03ff07649176bc724f5ec93c4ec4a0eb6eb5857aefa4b23040c4f1a1ff974097

    • SHA512

      e6a69e9b6488622ce5aa531f7ae0e28989b187b198172b0d664cc6e4ebc5062c1ec08983ebf4c1335e415adbf5673a21ec3ab1e5bb0349dad90a8d214ff26abb

MITRE ATT&CK Matrix

Tasks