General

  • Target: gozi.payload-disk
  • Size: 43KB
  • Sample: 220817-z927sachgp
  • MD5: f2ad11fb909f3a617e694fefb24fa193
  • SHA1: ef6e6f47ac66240f68a04ebeab0a77ef7b3e42c2
  • SHA256: 9f2520404452a6b55b19756cb6d1af5da60a0b43a549aab85dc9cb49d3d59cae
  • SHA512: 1020d5ecf0541fa07651db1190c0ff2a125bbdbe39e7378b0d3793419b528464d14e97d56cc78f74a7d3e9070011a03f838c4b08fc5c65fc23c9902e41073cb9
  • SSDEEP: 768:TxlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp7:NlYhzJ2VQEFf/2VYuAZOzNM7uyH

Score: 10/10

Malware Config

Extracted

  • Family: gozi_ifsb
  • Botnet: 3000
  • C2:
      config.edge.skype.com
      superstarts.top
      superlist.top
      internetcoca.in
      193.106.191.163

Attributes

  • base_path: /drew/
  • build: 250240
  • exe_type: loader
  • extension: .jlk
  • server_id: 50
  • rsa_pubkey.plain
  • aes.plain

Targets

  • Target: gozi.payload-disk
  • Size: 43KB
  • MD5: f2ad11fb909f3a617e694fefb24fa193
  • SHA1: ef6e6f47ac66240f68a04ebeab0a77ef7b3e42c2
  • SHA256: 9f2520404452a6b55b19756cb6d1af5da60a0b43a549aab85dc9cb49d3d59cae
  • SHA512: 1020d5ecf0541fa07651db1190c0ff2a125bbdbe39e7378b0d3793419b528464d14e97d56cc78f74a7d3e9070011a03f838c4b08fc5c65fc23c9902e41073cb9
  • SSDEEP: 768:TxlYhzJ2VQEFfLCUeQCuu6Mf39Y+RMRZOz4yM7gp/6lvVp7:NlYhzJ2VQEFf/2VYuAZOzNM7uyH

  Score: 1/10

MITRE ATT&CK Matrix

Tasks